我有一个管理员登录脚本,它在成功登录后启动会话,但问题是它会将我们正确登录并将我们重定向到index.php,但在index.php处它表示您的登录会话是没有记录在数据库中。管理登录不起作用
<?php
// This file is www.developphp.com curriculum material
// Written by Adam Khoury January 01, 2011
// http://www.youtube.com/view_play_list?p=442E340A42191003
session_start();
if (!isset($_SESSION["manager"])) {
header("location: admin_login.php");
exit();
}
// Be sure to check that this manager SESSION value is in fact in the database
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
// Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
// Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
$sql = mysqli_query($conn,"SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = @mysqli_num_rows($conn,$sql); // count the row nums
if ($existCount == 0) { // evaluate the count
echo "Your login session data is not on record in the database.";
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Store Admin Area</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
</head>
<body>
<div align="center" id="mainWrapper">
<?php include_once("../template_header.php");?>
<div id="pageContent"><br />
<div align="left" style="margin-left:24px;">
<h2>Hello store manager, what would you like to do today?</h2>
<p><a href="inventory_list.php">Manage Inventory</a><br />
<a href="#">Manage Blah Blah </a></p>
</div>
<br />
<br />
<br />
</div>
<?php include_once("../template_footer.php");?>
</div>
</body>
</html>
我admin_login.php
<?php
// This file is www.developphp.com curriculum material
// Written by Adam Khoury January 01, 2011
// http://www.youtube.com/view_play_list?p=442E340A42191003
session_start();
if (isset($_SESSION["manager"])) {
header("location: index.php");
exit();
}
?>
<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
// Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
$sql = mysqli_query($conn,"SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = mysqli_num_rows($sql); // count the row nums
if ($existCount == 1) { // evaluate the count
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Log In </title>
</head>
<body>
<div align="center" id="mainWrapper">
<div id="pageContent"><br />
<div align="left" style="margin-left:24px;">
<h2>Please Log In To Manage the Store</h2>
<form id="form1" name="form1" method="post" action="admin_login.php">
User Name:<br />
<input name="username" type="text" id="username" size="40" />
<br /><br />
Password:<br />
<input name="password" type="password" id="password" size="40" />
<br />
<br />
<br />
<input type="submit" name="button" id="button" value="Log In" />
</form>
<p> </p>
</div>
<br />
<br />
<br />
</div>
<?php include_once("../template_footer.php");?>
</div>
</body>
</html>
如果你真的有'<?php'标记之前空格,删除它们,它们会被发送给浏览器,从而破坏你开始会话的能力,因为头文件已经被发送 – RiggsFolly
如果你看看你的PHP错误日志,你可能会看到消息说 – RiggsFolly
如果你需要清理da ta,我建议在您将它存储在SESSION中之前将其清除,而不是在您将它存储在会话中时。但无论请读[SQL注入攻击](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) 看看发生了什么事[Little Bobby Tables ](http://bobby-tables.com/)即使 [如果你逃避投入,它不安全!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around- mysql-real-escape-string) 使用[prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly