0
我想要做的是根据$ _SESSION是否设置,在相同的位置显示两个单独的div。表单显示何时没有发现$ _SESSION,并且帐户信息显示何时有$ _SESSION。发生什么事是我登录时发生的一切,它将我发送到具有相同表单的同一屏幕,但是当我刷新浏览器时,帐户信息显示替换表单。任何人都可以看到为什么当我最初签署某人并设置了$ _SESSION时,交换没有进行?
$signedIn='<h3 id="signedInHeader">Welcome </h3><p><a href="convenientaddaddress.php"> Add Address </a></p>
<p><a href="convenientaccountinfo.php"> Account Info </a></p>
<p><a href="convenientsignout.php"> Sign Out </a></p>
<p><a href="convenientaddcreditcard.php"> Add C Card </a></p>';
$form='<form id="signInForm" method="POST" action="index.php"><h3 id="formHeader">Sign Into Account</h3><br/>
<p id="pRegister"><a id="register" href="convenientregisterpage.php"> Register </a></p><br/>
<label>Email Addr:</label><input type="text" name="userEmail" id="email" size="15"/><br/>
<label>Password:</label><input type="password" name="password" id="password" size="15"/><br/>
<input type="submit" value="Sign In" id="formSubmit" name="submit"/> </form>';
$username='';
$username=$_SESSION['userName'];
if(!$username){
$signedInForm=$form;
}
if(isset($username)){
$signedInForm=$signedIn;
}
$username="";
$email=$_POST['userEmail'];
$password=$_POST['password'];
if(isset($_POST['submit'])){
if(empty($email) || empty($password)){
$msg_to_user3="Fill in both fields";
}
else{
$results=mysql_query("SELECT * FROM register WHERE userEmail='$email'");
if (mysql_num_rows($results)==0)
$msg_to_user3 ="No such User";
else
{
while ($login_row = mysql_fetch_assoc($results))
{
$password_db = $login_row['password'];
if ($password!=$password_db){
$msg_to_user3 ="Password doesn't match";
}
if ($password_db!=$password)
$msg_to_user2="<a id='forgetpassword' href='convenientforgotpassword.php'>Forget Password</a>";
else
{
$active = $login_row['active'];
$userEmail = $login_row['userEmail'];
if ($active==0)
$msg_to_user3= "Activate account at ($userEmail) </p>";
else
{
//assign session
$_SESSION['userName']=$username;
}
}
}
}
}
}
您的登录脚本容易受到SQL注入攻击。 – Lauri 2012-07-22 15:38:32
在那里你没有'session_start()'。 – 2012-07-22 15:39:01
是的,我有一个session_start(); – 2012-07-22 15:46:50