当我按下返回按钮离开我的页面时。登录页面不应该出现。因为我已经登录了!当其他用户已经登录时,其他用户如何登录!它应该要求现有用户注销,然后允许其他用户登录!例如:当我们登录Facebook时,并尝试去登录页面。它不打开登录页面,而是打开我们的帐户,因为我们仍然登录!另一个用户可以在没有现有用户注销的情况下登录
帐户页面代码:
<?php
require 'connection.php';
session_start();
?>
<?php
if(isset($_SESSION['id']))
{
$id=$_SESSION['id'];
?>
<!doctype html>
<html>
<head></head>
<body>
<div id="content">
logged in
</div>
</body>
</html>
<?php
}
else
{
header('location:login.php');
die();
}
?>
注册码:
<?php
require 'connection.php';
session_start();
?>
<?php
if(isset($_POST['REGISTER']))
{
$user=$_POST['user'];
$email=$_POST['email'];
$pass=$_POST['pass'];
$sql = "INSERT INTO users (username,email_id,password) VALUES ('$user','$email','$pass');";
$query = mysqli_query($conn, "SELECT * FROM users WHERE email_id='".$email."'");
if(mysqli_num_rows($query) > 0)
{
echo "OOPS! This email id is already registered.";
header ("refresh7; url=login.php");
}
else
{
if($conn->multi_query($sql) === TRUE)
{
echo 'Hello'.' '.$user.'!'.'<br>';
}}}
$conn->close();
header ("refresh:7; url=login.php");
?>
登录页面代码:
<?php
require 'connection.php';
session_start();
?>
<html>
<head></head>
<body>
<div id="left">
<h2> <a href="login.php"> <center> LOGIN </center> </a> </h2>
<form action="" method="post">
<b> Email Id: </b> <input type="email" name="email" placeholder="[email protected]" required> <br> <br>
<b> Password: </b> <input type="password" name="pass" placeholder="****" required> <br> <br>
<input type="submit" value="LOGIN" name="LOGIN">
</form>
<?php
if(isset($_GET['error'])==true)
{
echo '<font color="red"> <p align="center"> username & password does not match! </p> </font>';
}
?>
</div>
<?php
if(isset($_POST['LOGIN']))
{
$email=$_POST['email'];
$pass=$_POST['pass'];
$sql = $conn->query("SELECT * FROM users WHERE email_id='$email' AND password='$pass'");
$row = $sql->fetch_array(MYSQLI_BOTH);
if($row>0)
{
$_SESSION['id'] = $row['id'];
header('location: account.php');
}
else
{
header('location:login.php?error=1');
}}
?>
</body>
</html>
您的代码对SQL注入开放。使用参数化查询。密码也应该散列。 – chris85
每个页面都必须启动会话,并且每个页面都必须检查'$ _SESSION ['id']'以知道登录是否已经执行 – RiggsFolly
@Confiqure请不要忘记在编辑时删除不可编辑的代码片段格式 – Will