MyUsername

MyUsername

关注
发信
关注(28)粉丝(399)

php - PHP,MySQL登录跳过应执行的代码段

我有这两个PHP脚本并排工作:

<?php
session_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="users"; // Database name
$tbl_name="clients"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION["myusername"] = $myusername;
$_SESSION["mypassword"] = $mypassword;




//set POST variables
$url = '127.0.0.1/login_success.php';
$fields = array(
                      'user'=>urlencode($myusername),

                          'password'=>urlencode($mypassword)
               );
$fields_string = '';

//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);



}
else {
echo "Wrong Username or Password";
}
?>


上面的脚本为用户注册了一个会话,然后使用cURL发布到下一个脚本,

<?php
session_start();

if(isset($_SESSION['myusername'])){

$myusername=$_POST['user'];
$mypassword=$_POST['password'];

//set POST variables
$url = '127.0.0.1//$_SESSION[myusername]/';
$fields = array(
                      'user'=>urlencode($myusername),

                      'password'=>urlencode($mypassword)
               );
$fields_string = '';

//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);


header("location:../$_SESSION[myusername]/");

}

?>

<html>
<body>
Login Failed
</body>
</html>


假设最后一个脚本检查$ _SESSION是否设置。如果已设置,则必须在if下运行代码。

但是发生的事情是,即使具有正确的凭据,最后一个脚本也会跳过HTML部分(“登录失败”)。请告诉我我在做什么错。

最佳答案

您在以下位置失败:header("location:../$_SESSION[myusername]/");和此处:$url = '127.0.0.1//$_SESSION[myusername]/';

header("location:../$_SESSION[myusername]/");替换为header("location:../".$_SESSION['myusername']."/");

要么

$newvar = $_SESSION['myusername'];
header("location:../$newvar/");


$url = '127.0.0.1//$_SESSION[myusername]/';$url = '127.0.0.1/'.$_SESSION['myusername'].'/';

因为您的代码中$ _SESSION数组的键没有''(双引号)来获取其值,而$url = '127.0.0.1//$_SESSION[myusername]/';具有//(两个斜杠),并且也使用单引号将不会获取变量的值,但是它将分配带有$标记的变量名称到新变量。如果要在引号内写入变量,请使用双引号。

关于php - PHP,MySQL登录跳过应执行的代码段,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/23910833/

10-11 17:35
Powered by LMLPHP ©2024 MyUsername 0.044278