如果用户尚未登录,如何将其重定向到登录页面? [英] How to redirect users to login page if they haven't logged in?
问题描述
我的登录页面login.php具有以下代码:
I have the following code for my login page login.php:
<form method="post" action="confirmLoginCredentials.php">
<h2>LOGIN</h2>
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
</form>
提交后,它将重定向到confirmLoginCredentials.php,即:
After submitting, It redirects to confirmLoginCredentials.php which is:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
require_once 'config.php';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$q = "SELECT first_name, last_name FROM users WHERE user_name = '$username' AND password = '$password'";
$result = $mysqli->query($q) or die(mysqli_error($mysqli));
if (!mysqli_num_rows($result) == 1) {
header("Location: login.php");
}
else {
setcookie('authorized', 1, 0);
header("Location: index.php");
}
?>
这可以正常工作,并且如果用户已成功登录,它将用户重定向到索引页面.如果我的网站上所有页面尚未登录,如何将用户重定向到login.php页面? (换句话说,如果用户尚未登录,则用户将无法访问我的网站的内容)我应该在我网站的所有其他页面中输入什么代码?
This works fine and it redirects the user to the index page if they have logged in successfully. How do I redirect the user to the login.php page from all pages in my website if they have not yet logged in? (in other words, the user cannot access the contents of my site if they have not logged in) what code should i put in all other pages of my site to do this?
任何帮助将不胜感激!! 谢谢!!
any help will be very much appreciated!! thanks!!
推荐答案
注意:
- 您可以使用会话功能来实现目标
- 请勿将
mysql_*
函数与mysqli_*
混合使用
- 最好使用
mysqli_* prepared statement
,这样就不必转义每个变量,这是防止NOTE:
- You can use SESSION function to achieve your goal
- Do not mix
mysql_*
function withmysqli_*
- It is better to use
mysqli_* prepared statement
so you don't have to escape each of your variables, and it is a better way to prevent SQL injections.
您的config.php:
Your config.php:
<?php $mysqli = new mysqli("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME"); /* REPLACE NECESSARY DATA INSIDE */ /* check connection */ if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } ?>
您的confirmLoginCredentials.php:
Your confirmLoginCredentials.php:
<?php session_start(); /* START THE SESSION */ include("config.php"); if($stmt = $mysqli->prepare("SELECT first_name, last_name FROM users WHERE user_name = ? AND password = ?")){ $stmt->bind_param("ss",$_POST["username"],$_POST["password"]); /* BIND VARIABLES TO YOUR QUERY */ $stmt->execute(); /* EXECUTE THE QUERY */ $stmt->store_result(); $result = $stmt->num_rows; /* STORE NUMBER OF ROWS */ $stmt->bind_result($firstname,$lastname); /* STORE THE RESULT */ $stmt->fetch(); /* FETCH THE RESULT */ $stmt->close(); /* CLOSE THE STATEMENT */ if($result == 1){ /* IF FOUND ONE */ $_SESSION["username"] = $firstname; /* STORE THE USERNAME INTO A SESSION VARIABLE */ header("LOCATION:index.php"); /* REDIRECT USER TO INDEX PAGE */ } else { /* IF NO RESULT FOUND */ header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */ } } /* END OF PREPARED STATEMENT */ ?>
然后创建一个header.php以包含在您的所有页面中,但您的login.php除外:
Then create a header.php to be included in all your pages, excluding your login.php:
<?php session_start(); if(empty($_SESSION["username"])){ /* IF NO USERNAME REGISTERED TO THE SESSION VARIABLE */ header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */ } ?>
index.php中的示例:
Example in your index.php:
<?php include("header.php"); ?> <!-- YOUR INDEX PAGE -->
如果已登录的用户访问了您的登录页面,您可以将其重定向到索引页面,如下所示:
If a logged-in user accessed your login page, you can redirect him/her to the index page like this:
<?php session_start(); if(!empty($_SESSION["username"])){ /* IF USERNAME IS ALREADY ASSIGNED ON SESSION VARIABLE */ header("LOCATION:index.php"); /* REDIRECT USER TO INDEX PAGE */ } ?> <form method="post" action="confirmLoginCredentials.php"> <h2>LOGIN</h2> <p>Username: <input type="text" name="username" /></p> <p>Password: <input type="password" name="password" /></p> <p><input type="submit" name="submit" value="Login" /></p> </form>
对于您的logout.php,您可以使用
unset()
,它看起来像这样:For your logout.php, you can use
unset()
and would look like this:<?php session_start(); unset($_SESSION["username"]); header("LOCATION:login.php"); ?>
附加说明:
- 如果要使用会话变量或函数,则应在代码的开头加上
session_start();
. - You should have
session_start();
at the beginning of your code if you're gonna use a session variable or functions.
Extra Note:
这篇关于如果用户尚未登录,如何将其重定向到登录页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!