2012-03-09 247 views
-1

我在PHP中新,我试图写一个注册脚本。我的问题是,当我尝试登录时,无法看到用户的菜单。也许问题出在会话和cookies上,但我找不到它。这里是我的代码部分:PHP,登录脚本

的config.php

<?php 
    oB_start(); 
    $con = mysql_connect("localhost","root","123"); 
    if (!$con) { 
    die('Could not connect: ' . mysql_error()); 
    } 
    mysql_select_db("9gag", $con); 
    $logged = MYSQL_QUERY("SELECT * from users WHERE id='$_COOKIE[id]' AND password = '$_COOKIE[password]'"); 
    $logged = mysql_fetch_array($logged); 
?> 

的login.php

<?php 
    oB_start(); 
    include("config.php"); 
    if (!$logged[username]) { 
    if (!$_POST[login]) { 
     echo("<center><form method=\"POST\"> 
      <table> 
      <tr> 
      <td align=\"right\"> 
      User: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"> 
      </td> 
      </tr> 
      <tr> 
      <td align=\"right\"> 
      Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\"> 
      </td></tr><tr> 
      <td align=\"center\"> 
      <input type=\"submit\" name=\"login\" value=\"Sign in\"> 
      </td></tr><tr> 
      <td align=\"center\"> 
      <a href=\"register.php\">Sign up</a> 
      </td></tr></table></form></center>"); 
    } 
    if ($_POST[login]) { 
     $username = $_POST[username]; 
     $password = $_POST[password]; 
     $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); 

     $data = mysql_fetch_array($info); 
     if($data['PASSWORD'] != $password) { 
      echo "Wrong username or password!"; 
     }else{ 
      $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); 
      $user = mysql_fetch_array($query); 
      setcookie("id", $user['ID'],time()+(60*60*24*5), "/", ""); 
      setcookie("password", $user['PASSWORD'],time()+(60*60*24*5), "/", ""); 
     } 
    } 
} 
else { 
    echo ("<center>Welcome <b>$logged[username]</b><br /></center> 
       <a href=\"editprofile.php\">Profile</a><br /> 
       <a href=\"logout.php\">Log out</a>"); 
} 
?> 
+2

没有为登录使用cookies。他们不安全。你应该使用会话变量。 – Jon 2012-03-09 20:58:15

+0

尝试'的print_r($登录)',它可以帮助发现问题,我的意思是 - 它可以查询... – 2012-03-09 21:00:23

+1

这么多的地方开始...... *抽搐* ...注射之间,使用的常量数组键,巨大的HTML回声,甚至只是''

...标签也 – Tim 2012-03-09 21:03:05

回答

0

记录的变量$是在第二个文件空的,所以$记录将永远是真实的,与第一部分始终执行:)使用cookie在第二个文件,看看它是否登录或不

+0

实际上,因为他叫'包括(“config.php中”)','$ logged'包含'mysql_fetch_array'结果呼叫;通过检查“用户名”键的存在,他可以有效地查看结果是否有任何行,这表明用户是否已登录。 – Tim 2012-03-09 21:06:22

1

如何有人已经说了变化COOCKIE使用会话,我还没有非常理解你的表/列布局b UT我试图做出更好的代码,以便试试这个:)

的config.php

<?php 
    $con = mysql_connect("localhost","root","123"); 
    if (!$con) { 
    die('Could not connect: ' . mysql_error()); 
    } 
    mysql_select_db("9gag", $con); 
?> 

的login.php

<?php 
    session_start(); 
    ob_start(); 
    include("config.php"); 
    if (!Isset($_SESSION['id'])) { 
    if (!$_POST['login']) { 
     echo '<center><form method="POST"> 
      <table> 
      <tr> 
      <td align="right"> 
      User: <input type="text" size="15" maxlength="25" name="username"> 
      </td> 
      </tr> 
      <tr> 
      <td align="right"> 
      Password: <input type="password" size="15" maxlength="25" name="password"> 
      </td></tr><tr> 
      <td align="center"> 
      <input type="submit" name="login" value="Sign in"> 
      </td></tr><tr> 
      <td align="center"> 
      <a href="register.php">Sign up</a> 
      </td></tr></table></form></center>'; 
    } 
    if ($_POST[login]) { 
     $username = $_POST['username']; 
     $password = $_POST['password']; 
     $info = mysql_query("SELECT * FROM users WHERE username = '".$username."'") or die(mysql_error()); 

     $data = mysql_fetch_array($info); 
     if($data['password'] != $password) { 
      echo "Wrong username or password!"; 
     }else{ 
      $query = mysql_query("SELECT * FROM users WHERE username = '".$username."'") or die(mysql_error()); 
      $user = mysql_fetch_array($query); 
      $_SESSION['username']=$user['username']; 
      $_SESSION['id']=$user['id']; 
      $_SESSION['password']=$user['password']; 
     } 
    } 
} 
else { 
    echo "<center>Welcome <b>".$_SESSION['username']."</b><br /></center> 
       <a href='editprofile.php'>Profile</a><br /> 
       <a href='logout.php'>Log out</a>"; 
} 
?>