登录和会话PHP [英] Login and Session PHP
问题描述
我在检查会话,访问页面时遇到一些问题,我需要激活一个会话.
I'm having some problems to check session, to access a page I need to have a session active.
登录过程:
Login process:
//Connect to mysql server
require "reservation/connect.php";
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['user']);
$password = clean($_POST['password']);
//Create query
$qry="SELECT * FROM user WHERE username='$login' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) > 0) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['user_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['position'];
session_write_close();
//if ($level="admin"){
header("location: admin/dashboard.php");
exit();
}else {
//Login failed
header("location: index.php");
exit();
}
}else {
die("Query failed");
}
?>
身份验证:
Authentication:
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: index.php");
exit();
}
?>
即使我从表单登录,页面也不会加载并将我重定向回索引!我做错了什么?我放了"require_once('../auth.php');"在页面上,但仍无法正常工作.
Even if i log in from the form, the page doesn't load and redirect me back to index! What i'm doing wrong? I put "require_once('../auth.php');" on the page but it's still not working.
推荐答案
这是因为它正在进入语句的else
部分,这意味着$result
为0或false.
That is because it is getting into else
part of the statement , which means $result
is 0 or false.
因此原因是查询必须失败..因此添加mysql_error()
这样.
So the reason is the query must be failing.. So add mysql_error()
like this..
$result=mysql_query($qry) or die(mysql_error());
要知道确切原因.
此(mysql_*
)扩展名从PHP 5.5.0
开始不推荐使用,以后将被删除.而是应使用MySQLi
或PDO_MySQL
扩展名.切换到PreparedStatements
可以更好地抵御SQL Injection攻击!
This(mysql_*
) extension is deprecated as of PHP 5.5.0
, and will be removed in the future. Instead, the MySQLi
or PDO_MySQL
extension should be used. Switching to PreparedStatements
is even more better to ward off SQL Injection attacks !
这篇关于登录和会话PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!