登录后如何设置和检查会话? [英] How to set and check a session after login?

问题描述

我是PHP的新手，正在尝试登录页面.我有以下脚本可以运行"，但现在我想设置一个会话，如果用户密码正确，则可以继续到其他页面.因此，我试图找出其他页面上需要哪些内容来检查会话.

I'm new to PHP and struggling with a login page. I have the following script that "works" but now I'd like to set a session if the user's password is correct that I can carry over to other pages. So I'm trying to figure out what needs to be on those other pages to check for the session.

从这开始，如果我在页面上放这样的东西，我会回到:

From this, if I put something like this on the page I'm coming back to:

<?php
if($_SESSION['login'] = "1") {  
echo "you are logged in";
}
else
{
echo "you are not logged in";
}
?>

似乎我一直都在收到我的成功消息.我一定不明白这是如何工作的.任何建议表示赞赏-如果需要，可以完全重写此建议.谢谢！

It seems like I get my success message all the time. I must not be understanding how this works. Any suggestions appreciated--am up for totally rewriting this if I need to. Thanks!

这是我当前的登录脚本:

Here's my current login script:

<?php
// error reporting
ini_set('display_errors',1); 
 error_reporting(E_ALL);
$host="foo"; // Host name
$username="foo"; // Mysql username
$password="foo"; // Mysql password
$db_name="foo"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1) {
session_start();
$_SESSION['login'] = "1";
header ("Location: http://www.google.com");
}
else {  
session_start();
$_SESSION['login'] = '';
header ("Location: http://www.yahoo.com");
}
?>

应用以下建议的更改，我将在页面中返回以下内容:

Applying changes suggested below, I have the following in the page I'm coming back to:

<?php
session_start();
if ($_SESSION['login'] == "1") {  
echo "you are logged in";
}
else if ($_SESSION['login'] == "") 
{
echo "you are not logged in";
}
?>

以及对我的登录脚本的以下更改:

and the following change to my login script:

if($count==1) {
session_start();
$_SESSION['login'] =="1";
header ("Location: login.php");
}
else {  
session_start();
$_SESSION['login'] == "";
header ("Location: login.php");
}

现在无论如何，我都会收到您尚未登录"消息……嗯.

Now no matter what, I'm getting my "you are not signed in" message...hmm.

更新-确定-如果我不对脚本进行==更改，那似乎可以正常工作.如果有

Update--OK--if I DON'T make the == change to my script it seems to work. If I have

if($count==1) {
session_start();
$_SESSION['login'] = "1";
header ("Location: login.php");
}
else {  
session_start();
$_SESSION['login'] = "";
header ("Location: login.php");
} 

这是我在页面中返回的内容:

and this in the page I come back to:

<?php
session_start();
if ($_SESSION['login'] == "1") {  
echo "you are logged in";
}
else if ($_SESSION['login'] == "") 
{
echo "you are not logged in";
?>

...似乎可行.

推荐答案

应为:if($ _SESSION ['login'] =="1")

It should be: if ($_SESSION['login'] == "1")

因为这样做，它会设置值并返回true.

because the way you are doing it, it sets the value and returns true.

这篇关于登录后如何设置和检查会话?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！