我使用sql创建了一个简单的登录系统
它有4个主要组成部分
index -asks用于用户名和密码
checklogin – 检查凭据
logsuccess
主页 – 登录成功后的登陆页面
产生的错误在帖子的末尾给出
Index.PHP asks for username and pass <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE>Nottingham Uni</TITLE> <script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script> <script type="text/javascript" src="js/process.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </HEAD> <BODY> <center> <div id="intro"> <p> </p> <p><img align="absmiddle" src="images/nott-uni-logo.jpg"></p> </div> <div id="status"> <fieldset><legend align="center">Authentication</legend> <div id="login_response"><!-- spanner --></div> <form id="login" name="login" method="post" action="checklogin.PHP"> <table align="center" width="300" border="0"> <tr> <td width="80">Username</td><td><input id="name" type="text" name="myusername"></td> </tr> <tr> <td>Password</td> <td><input type="password" name="mypassword"></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td><input id="submit" type="submit" name="submit" value="Login"> </tr> </table> </form> </fieldset> </div> </center> </BODY> </HTML> checklogin.PHP checks for the credentials <?PHP $link = MysqL_connect('www.xxxxx.com','xxxxxx','xxxxxx'); if (!$link) { die('Could not connect: ' . MysqL_error()); } MysqL_select_db("brainoidultrafb",$link); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MysqL injection (more detail about MysqL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = MysqL_real_escape_string($myusername); $mypassword = MysqL_real_escape_string($mypassword); $sql="SELECT * FROM logintbl WHERE stu_email='$myusername' and password='$mypassword'"; $result=MysqL_query($sql); // MysqL_num_row is counting table row $count=MysqL_num_rows($result); // If result matched $myusername and $mypassword,table row must be 1 row if($count==1){ // Register $myusername,$mypassword and redirect to file "login_success.PHP" session_register("myusername"); session_register("mypassword"); header("location:login_success.PHP"); } else { echo "Wrong Username or Password"; } ?> If its success it goes to homepage.PHP logsuccess.PHP is below <?PHP session_start(); if(!session_is_registered(myusername)){ header("location:homepage.PHP"); } ?> <html> <body> Login Successful </body> </html> these codes are give in the following errors Deprecated: Function session_register() is deprecated in /home/content/58/9508458/html/pabrowser/checklogin.PHP on line 29 Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/content/58/9508458/html/pabrowser/checklogin.PHP:29) in /home/content/58/9508458/html/pabrowser/checklogin.PHP on line 29 Deprecated: Function session_register() is deprecated in /home/content/58/9508458/html/pabrowser/checklogin.PHP on line 30 Warning: Cannot modify header information - headers already sent by (output started at /home/content/58/9508458/html/pabrowser/checklogin.PHP:29) in /home/content/58/9508458/html/pabrowser/checklogin.PHP on line 31
解决方法
而不是做:
session_register("myusername"); session_register("mypassword");
你可以简单地做:
session_start(); $_SESSION['username'] = 'something'; $_SESSION['password'] = 'something';
要检查是否设置了用户名,您可以执行以下操作:
session_start(); if(!isset($_SESSION['username'])){ // not logged in }
请注意,我的检查/初始化正上方有session_start()函数.在您的代码中,您可能希望将其添加到脚本的顶部以防止“Headers already sent by PHP” message.
另外,请不要将MysqL_ *函数用于新代码.他们不再维护,社区已经开始了deprecation process.见red box?相反,您应该了解prepared statements并使用PDO或MySQLi.如果您无法决定,this article将有助于选择.如果你想学习,here is a good PDO tutorial.
关于你的代码的最后一件事.看起来你没有properly hash的密码,这被认为是不好的做法.如果攻击者获取了您的数据库,您可以向数据库中的人员做一些解释(例如,您必须告诉他们攻击者获得了所有密码).
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。