我创建了一个会话来限制用户通过URL访问主页,并将他们引导到登录页面(index.php)。但是用户无法使用正确的凭据登录,它仍然会引导回登录页面。似乎会话有问题,因为登录没有会话。
index.php(root folfer)
<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="description" content="The Best Restaurant.."><title>Signature Cuisine</title><link rel="stylesheet" href="style.css"><link rel="stylesheet" href="mediaquaries.css"><script src="https://kit.fontawesome.com/5cab703b53.js" crossorigin="anonymous"></script><script src="script.js"></script></head><body><div class="page_title_background" id="login_page_background"><div class="container" id="login_page_form"><form action="includes/login.inc.php" method="post"><h2>LOGIN</h2><div class="login_form"><label>User Name</label><input type="text" id="fname" name="uid" autocomplete="off"></div><div class="login_form"><label>Password</label><input type="password" id="lname" name="pwd" autocomplete="off"></div><div class="adminpage_submitbtn"><button name="login" type="submit" id="login_page_submit_btn">Login</button></div><div class="error-message"><?php$errorMessage = '';if (isset($_GET["error"])) {if ($_GET["error"] == "emptyinput") {$errorMessage = 'Fill in all fields!';} elseif ($_GET["error"] == "wronglogin") {$errorMessage = 'Invalid details!';} elseif ($_GET["error"] == "stmtfailed") {$errorMessage = 'Something went wrong!';} elseif ($_GET["error"] == "none") {$errorMessage = 'Account created!';} elseif ($_GET["error"] == "nouser") {$errorMessage = 'User not found!';}} elseif (isset($_SESSION['error']) && $_SESSION['error'] == 'emptyinput') {$errorMessage = 'Fill in all fields!';}echo '<div class="error">' . $errorMessage . '</div>';?></div></form></div><p class="reg_link_p">New Here? <a href="signup.php">Register!</a></p></div></body></html>
字符串
home.php(根文件夹)
<?phpsession_start();if (!defined('MY_APP')) {// If MY_APP is not defined, redirect to another page or display an error messageheader("Location: index.php");exit();}// Include necessary files such as headerinclude_once 'header.php';?><!---------------------------------------- PAGE 1 ------------------------------><!---------------------------------------- TEST ------------------------------------------><?phpinclude_once 'footer.php';?>
型
login.inc.php(root/includes)
<?phpsession_start();require_once 'dbh.inc.php';require_once 'functions.inc.php';if (isset($_POST["login"])) {$username = $_POST["uid"];$pwd = $_POST["pwd"];if (emptyInputLogin($username, $pwd)) {header('Location:../index.php?error=emptyinput');exit();}$loginResult = loginUser($conn, $username, $pwd);if ($loginResult === "success") {header('Location: ../home.php');exit();} elseif ($loginResult === "nouser") {header('Location: ../index.php?error=nouser');exit();} elseif ($loginResult === "wrongpassword") {header('Location: ../index.php?error=wronglogin');exit();}} else {header('Location:../index.php');exit();}?>
型
functions.inc.php(root/includes)
<?phpsession_start();require_once 'dbh.inc.php';function emptyInputSignup($name, $email, $username, $pwd, $pwdRepeat) {$result;if (empty($name) || empty($email) || empty($username) || empty($pwd) || empty($pwdRepeat) ) {$result = true;} else {$result = false;}return $result;}function invalidUid($username) {$result;if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {$result = true;} else {$result = false;}return $result;}function invalidEmail($email) {$result;if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {$result = true;} else {$result = false;}return $result;}function pwdMathch($pwd , $pwdRepeat) {$result;if ($pwd !== $pwdRepeat) {$result = true;} else {$result = false;}return $result;}function uidExists($conn, $username) {$sql = "SELECT * FROM ad_users WHERE usersUid = ? OR usersEmail = ?;";$stmt = mysqli_stmt_init($conn);if (!mysqli_stmt_prepare($stmt, $sql)) {header("Location:../index.php?error=stmtfailed");exit();}mysqli_stmt_bind_param($stmt, "ss", $username, $username);mysqli_stmt_execute($stmt);$resultData = mysqli_stmt_get_result($stmt);if ($row = mysqli_fetch_assoc($resultData)) {return $row;} else {return false;}mysqli_stmt_close($stmt);}function createUser($conn, $name, $email, $username, $pwd) {$sql = "INSERT INTO ad_users (usersName, usersEmail, usersUid, usersPwd) VALUES (?,?,?,?);";$stmt = mysqli_stmt_init($conn);if (!mysqli_stmt_prepare($stmt, $sql)) {header("Location:../signup.php?error=stmtfailed");exit();}$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $username, $hashedPwd);mysqli_stmt_execute($stmt);mysqli_stmt_close($stmt);header("Location:../index.php?error=none");exit();}function emptyInputLogin($username, $pwd) {if (empty($username) || empty($pwd)) {return true; // Return true if input is empty}return false; // If not empty, return false}function loginUser($conn, $username, $pwd) {$user = uidExists($conn, $username);if ($user === false) {// User doesn't existreturn "nouser";}$pwdHashed = $user["usersPwd"];$checkPwd = password_verify($pwd, $pwdHashed);if ($checkPwd === false) {// Incorrect passwordreturn "wrongpassword";} else {// Password is correct, set session variables and return successsession_start();$_SESSION["userid"] = $user["usersId"];$_SESSION["useruid"] = $user["usersUid"];$_SESSION["username"] = $user["usersName"];return "success";}}
型
尝试了不同的方法来调试和找到问题,但失败了。我希望用户只能通过index.php登录到home.php,并限制用户使用URL访问主页。
1条答案
按热度按时间sxpgvts31#
在您的主页上,您需要检查会话是否已设置。
字符串