开发者

session management: problem displaying username in the header

开发者 https://www.devze.com 2022-12-28 18:45 出处:网络
I am working on a simple login and logout module for my website without any security. I am using wamp on a windows xp machine. I am creating session when a user submits the login informaton it redirec

I am working on a simple login and logout module for my website without any security. I am using wamp on a windows xp machine. I am creating session when a user submits the login informaton it redirects to a process.php file which creates the session variables and starts session. Now if the login is successful user is redirected to the welcome page which includes a header file(which displays the header i开发者_运维问答nvolving signin logout help options) The problem is the header is not changing the signin link to logout as the user logs successfully. The below code is from process.php which initiates a login.

$username = $_POST['username'];
        $password = $_POST['password'];

        //echo "{$username}:{$password}";
        $connection = mysql_connect("localhost","root","");
        if(!$connection)
        {
            die("Database Connection Failed".mysql_error());
        }
        $db_select = mysql_select_db("tester",$connection);
        if(!$db_select)
        {
            die("Database Selection Failed".mysql_error());
        }
        $result = mysql_query("SELECT * FROM user",$connection);
        if(!$result)
        {
            die("Database Selection Failed".mysql_error());
        }


        $q = "SELECT * FROM user " ."WHERE Name='".$username."' AND Password='".$password. "' ";
         // Run query
         $r = mysql_query($q);

         if ( $obj = @mysql_fetch_object($r) )
        {
            session_start();
            // Login good, create session variables
            $_SESSION["valid_id"] = session_id();
            $_SESSION["valid_user"] = $_POST["username"];
            $_SESSION["valid_time"] = time();

            Header('Location: welcome.php');

The following code is from header.php which is included in welcome.php

    </div>

    <div id = "userdetail">

        <?php

        if(isset($_SESSION["valid_user"]))
        {
            echo($_SESSION["valid_user"]." " ); 
             echo("<a href=logout.php>Logout</a>"); 

        }
        else
        {
            echo("<a href = login.php>Sign In</a>");
        }

        ?>

              | Help |  Search      

            <input type = "text" name = "searchbox" value = "" />
    </div>
</div>


You have to call start_session() every time on every called page. This should always the first call you do in your pages.

on logout call session_destroy.

additionally you should clear the $_SESSION variable

$_SESSION = array();

A coding tip: Split you display stuff from the php code with a template-engine like smarty Your code contains a sql injection bug, see my comment on your post.

you also should use hashed passwords and don't forget the salt. do not store plain passwords into your database.

SQL injection

0

精彩评论

暂无评论...
验证码 换一张
取 消