楼上的MM,你能告诉我一下password='{$_POST['password']}'有什么好处吗,还有在$sql="select * from user_regist where username='{$_POST['username']}' and password='{$_POST['password']}' "; 里,为什么不写成: $sql="select * from user_regist where username='$_POST[username]' and password='$_POST[password]' "; 这样不是方便多了吗?
$sql="select * from user_regist where username='{$_POST['username']}' and password='{$_POST['password']}' ";
$query=mysql_query($sql) or die("检索失败");
if(mysql_num_rows)
{
$usid=$_POST['username'];
$usid_pass=$_POST['password'];
session_register("usid");
session_register("usid_pass");
}那各个页面判断时应写:
session_start(); //开启session;
if( isset($_SESSION['usid']) and isset($_SESSION['usid_pass']))
{
//执行语句;
}
else
{
header("location:login.php");//跳到用户登陆的界面;
}
里,为什么不写成:
$sql="select * from user_regist where username='$_POST[username]' and password='$_POST[password]' ";
这样不是方便多了吗?
不正确给出相应的提示。
下面这段代码是应该放在main.php中吗?session_start(); //开启session;
if( isset($_SESSION['usid']) and isset($_SESSION['usid_pass']))
{
//执行语句;
}
else
{
header("location:login.php");//跳到用户登陆的界面;
}
应该是$sql="select * from user_regist where username=$_POST['username'] and password=$_POST['password'] ";
变量如果进了单引号,就成了字符串了。
$sql="select * from user_regist where username=$_SESSION['username'] and password=$_SESSSION['password'] ";
conn.php
main.php
这是3个页面的名称。
Database: hello
Table: user 包含userid,username,userpassword三个字段。如果如果用户名密码和正确,就跳转到main.php
不正确给出相应的提示,并返回login.php各位高手给我一个完整的代码。偶是个新手,快被session折磨疯了。
对PHP的信心也在减弱中,救救我吧。。
然后在需要验证的页面include进去这样很方便
$dbuser="root";
$dbpassword="*******"; $Admin_Conn=mysql_connect($dbhost,$dbuser,$dbpassword);
$err = mysql_error();
if($err)
die("Connect Failed");
?>
<?php
//如果是登录
if(isset($login))
{
$cmd="select * from user where username='$username' and password='$password'";
$result = mysql_db_query("admindb","$cmd",$User_Conn);
$row = mysql_fetch_array($result);
if($row==false)
die("<body bgcolor='#799ae1'><script>alert('用户名密码错误');window.history.back();</script></body>");
else
{
session_register("session_userid");
session_register("session_username");
session_register("session_userpassword");
$session_userid=intval($row["userid"]);
$session_username=$row["username"];
$session_userpassword=$row["userpassword"];
Header("Location: main.php");
exit;
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>用户登录</title>
<link href="right.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#799ae1">
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<table width="242" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#FFFFFF">
<form name="form1" method="post" action="index.php">
<tr bgcolor="#799ae1">
<td height="30" colspan="2" bgcolor="#799ae1"> <div align="center">用户登录</div></td>
</tr>
<tr bgcolor="#799ae1">
<td width="99" height="25"> <div align="right">帐号:</div></td>
<td width="140" height="25"> <input name="username" type="text" id="username" size="15" maxlength="20">
</td>
</tr>
<tr bgcolor="#799ae1">
<td height="25"> <div align="right">密码:</div></td>
<td height="25"> <input name="password" type="password" id="password" size="15" maxlength="20"></td>
</tr>
<tr bgcolor="#799ae1">
<td height="30" colspan="2" valign="middle"> <div align="center">
<input type="submit" name="Submit" value="登 录">
<input type="reset" name="Submit2" value="重 置">
<input name="login" type="hidden" id="login" value="1">
</div></td>
</tr>
</form>
</table>
</body>
</html>
session_start();
if(!(session_is_registered("session_username")))
header("location:login.php
.php");?><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title></title>
</head><frameset rows="*" cols="197,*" framespacing="0" frameborder="yes" border="2">
<frame src="left.php" name="left" scrolling="yes" noresize>
<frame src="right.php" name="right">
</frameset>
<noframes><body></body></noframes>
</html>
----------------------------------------------------------------
原贴内容:
那是不是说我登陆之后的每一页最前面都要加一句include"****.php"就OK了?
再有,我在session_register("session_username");
session_register("session_userpassword");时注册了用户名和密码,但是在每一页验证时只验证用户名就能达到效果了.那是不是说我只需写session_register("session_username");就好了?
---------------------------------------------------不要客气,互相共勉。
下面我根据你的短信中的要求写了一个简单的验证代码…………
login.php //登陆界面
login_check.php //登陆验证,包括注册session
main.php //目的页面,需要session验证(include session_check.php)
session_check.php //session验证代码
err.php //错误页面(session未经注册)
---------------------------------------------
//login.php
<center>
<form name="form1" method="post" action="login_check.php">
用户名:<input name="session_username" type="text" size="12" maxlength="16">
<br>
密 码:<input name="session_password" type="password" size="12" maxlength="20"><br><br>
<input name="Submit" type="submit" value="登录">
</form>
</center>
------------------------------------------------------
//login_check.php
<?php
session_start();
if ((isset($_POST['session_username'])) && (isset($_POST['session_password'])))
{
$_SESSION['session_username']=$_POST['session_username'];
header("location:main.php");
exit();
}
else
{
header("location:err.php");
exit();
}
?>
----------------------------------------------
//main.php
<?php
include "session_check.php"
?>
欢迎你,来到main.php页面!
-------------------------------------------------
//session_check.php
<?php
session_start();
//if(!isset($_SESSION['session_username']))
if($_SESSION['session_username']!="xylegend")
{
header("location:err.php");
exit();
}
?>
--------------------------------------------------
//err.php
<?php
echo " error! Return";
?>
-----------------------------------
说明:从login.php页面登陆,用户名:xylegend 密码:pass(或任意)
可以登陆到main.php页面。如果是新窗口中直接访问main.php是不被允许的
(将跳转到err.php页面)。