We are trying to create a membership login page.
This is my code.
main_login
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
开发者_如何学运维 <title>Untitled Page</title>
</head>
<body>
<form name="form1" method="post" action="checklogin.php">
<table style="width:300px;border:0;text-align:center;background-color:#CCCCCC">
<tr>
<td>
<table style="width:100%;background-color:#FFFFFF;border:0;">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td style="width:78px">Username</td>
<td style="width:6px">:</td>
<td style="width:294px"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</body>
</html>
checkLogin.php
<?php
$dbhost = 'localhost';
$dbuser = 'myuse';
$dbpass = 'myPassword';
$dbname = 'myDbName';
// This is an example opendb.php
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
mysql_select_db($dbname);
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM myTable WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
$_SESSION['LoggedIn'] = 1;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
login_success.php
<?php
session_start();
if(!empty($_SESSION['Username']))
{ }
else
{header("location:main_login.php");}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
// Check if session is not registered , redirect back to main page. // Put this
code in first line of web page.
<html>
<body>
Login Successful
</body>
</html>
I am trying to make login_success.php only viewable for members only, but I only get redirected to main_login.php.
I don't think I am sending the Session to login_success.php
Can anybody help? please?
Thanks.
Well, the biggest (and only) problem could be, that while logging in, you set these keys in your $_SESSION array:
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
$_SESSION['LoggedIn'] = 1;
but then you check for different one:
$_SESSION['Username']
In your checkLogin.php
page, you're storing the username in $_SESSION['myusername']
and in your login_success.php
page, you're checking to see if $_SESSION['Username']
exists. Change one or the other so they're both the same, and this should fix your problem.
精彩评论