总的来说,您遇到的问题比重定向问题更重要。如果您创建一个包含在每个基本页面顶部的配置文件,那么您将会有所帮助。另外,使用一些函数将使您的脚本保持可读性,我添加了一些示例。不要使用md5()
对于密码,md5 可以说已经被“研究透了”,因此很容易被破解。你应该使用 password_hash() 和 password_verify()
如果您的 PHP 版本中没有这些(如果可能的话,您应该升级到具有该功能的版本)然后使用 bcrypt 兼容库。另外,在 sql 中使用参数化值,mysqli_real_escape_string()
还不够好。最后,我会切换到 mysqli 的 OOP 版本,在我看来,它更容易使用。
/config.php
<?php
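# Create a constant for your domain, this makes redirect super easy!
# (use an https:// origin on a real site so the session cookie is not sent in clear)
define('BASE_URL', 'http://www.example.com');
# Create a constant for your root folder (this config should be in the root)
define('ROOT_DIR', __DIR__);
# Create a function dir
define('FUNCTIONS', ROOT_DIR.'/functions');
# Refuse session ids the server did not generate itself (mitigates session
# fixation); this must be set before session_start()
ini_set('session.use_strict_mode', '1');
# Add session to this page
session_start();
# Add our session var creator
include_once(FUNCTIONS.'/setSession.php');
# Add our get session function (use to retrieve session values)
include_once(FUNCTIONS.'/getSession.php');
# Add our message creator (set all messages via this)
include_once(FUNCTIONS.'/setMessage.php');
# Add our message reader so pages can call getMessage() without loading it themselves
include_once(FUNCTIONS.'/getMessage.php');
# Include our redirect function
include_once(FUNCTIONS.'/redirect.php');
# NOTE(review): login.php passes $db (an OOP mysqli connection) to validate(),
# but this config does not create it — TODO add the connection here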
/functions/validate.php
<?php
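/**
 * Look up a user by name and check the submitted password against the stored hash.
 *
 * @param string $username  username from the login form
 * @param string $password  plain-text password from the login form
 * @param mysqli $con       OOP mysqli connection
 * @param array  $errors    error messages are appended here by reference
 * @return array|false      the user row on success, false on any failure
 */
function validate($username, $password, $con, &$errors)
{
    # Prepare the statement; binding keeps the username out of the SQL text
    $query = $con->prepare("SELECT * FROM users WHERE username = ?");
    # prepare() returns false on a bad statement or a broken connection;
    # report the same generic message so nothing about the database leaks
    if ($query === false) {
        $errors[] = "Invalid Username or Password.";
        return false;
    }
    # Bind the parameter
    $query->bind_param('s', $username);
    # Execute the query
    $query->execute();
    # mysqli_stmt has no fetch_assoc(); go through get_result() to obtain a
    # mysqli_result (requires the mysqlnd driver, otherwise it returns false)
    $rows = $query->get_result();
    $result = ($rows !== false) ? $rows->fetch_assoc() : null;
    $query->close();
    # Stop if there is no username matching (or the row has no hash)
    if (!is_array($result) || empty($result['password'])) {
        $errors[] = "Invalid Username or Password.";
        return false;
    }
    # See if the password matches; a mismatch returns false without a message
    # so the caller can report it as a combined username/password failure
    return password_verify($password, $result['password']) ? $result : false;
}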
/functions/redirect.php
<?php
/**
 * Send the browser to $path and stop the script.
 *
 * Callers on this page pass BASE_URL-prefixed paths; if $path ever came from
 * request data it would have to be validated first (open redirect).
 *
 * @param string $path absolute URL (or path) to redirect to
 * @return never
 */
function redirect($path)
{
    $location = 'Location: ' . $path;
    header($location);
    # Nothing after the header may run
    exit;
}
/functions/setSession.php
<?php
/**
 * Store a value in the session.
 *
 * @param string $key   session key to write
 * @param mixed  $value value to store
 * @param bool   $multi when true, append to a list under $key instead of overwriting
 * @return void
 */
function setSession($key, $value, $multi = false)
{
    # Stacking mode: accumulate several values under one key
    if ($multi) {
        $_SESSION[$key][] = $value;
        return;
    }
    # Plain mode: replace whatever was stored before
    $_SESSION[$key] = $value;
}
/functions/getSession.php
<?php
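/**
 * Read a value from the session.
 *
 * @param string|false $key   key to read; when empty, the whole $_SESSION array is returned
 * @param bool         $clear when true, remove the key after reading it
 * @return mixed the stored value, false when the key is not set, or the whole session array
 */
function getSession($key = false, $clear = false)
{
    # No (or empty) key: hand back everything
    if (empty($key)) {
        return $_SESSION;
    }
    # Capture the value first so it survives the clear below; false means "not set"
    $value = isset($_SESSION[$key]) ? $_SESSION[$key] : false;
    if ($clear && isset($_SESSION[$key])) {
        unset($_SESSION[$key]);
    }
    # Original returned the bare constant `value`, which is an undefined constant
    return $value;
}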
/functions/setMessage.php
<?php
/**
 * Queue a user-facing message under $key.
 *
 * Messages are always stacked (multi mode) under the same key so several can
 * be saved and later retrieved together, e.g. with implode().
 *
 * @param string $msg message text
 * @param string $key message bucket, 'general' by default
 * @return void
 */
function setMessage($msg, $key = 'general')
{
    $stack = true;
    setSession($key, $msg, $stack);
}
/functions/getMessage.php
<?php
/**
 * Fetch the queued messages for $key, clearing them by default.
 *
 * @param string $key   message bucket, 'general' by default
 * @param bool   $clear remove the messages after reading (default true)
 * @return mixed whatever getSession() returns for that key (false when none)
 */
function getMessage($key = 'general', $clear = true)
{
    $messages = getSession($key, $clear);
    return $messages;
}
/login.php
<?php
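# add the config (constants, session_start() and the helper functions)
include_once(__DIR__.'/config.php');
# Preset the errors array
$errors = [];
# Only run the login flow when the form was actually submitted
if (isset($_POST['login_user'])) {
    # Accept only plain strings: a crafted request can send username[] and
    # trim() on an array raises an error instead of a clean validation message
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : false;
    # NOTE(review): trimming the password alters any password with leading or
    # trailing whitespace; keep this only if registration trims the same way
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : false;
    # See if empty
    if (empty($username)) {
        $errors[] = "Username is required";
    }
    if (empty($password)) {
        $errors[] = "Password is required";
    }
    if (count($errors) === 0) {
        # Add the validate function
        include_once(FUNCTIONS.'/validate.php');
        # Remember, we want to use the OOP version of $db
        # NOTE(review): $db is not created by config.php as shown — TODO confirm
        # where the mysqli connection is set up before this point
        $results = validate($username, $password, $db, $errors);
        # validate() returns the user row on success, false otherwise
        if (!empty($results)) {
            # Issue a fresh session id on this privilege change so an id fixed
            # before login cannot be reused once the user is authenticated
            session_regenerate_id(true);
            # May as well store all the user data
            # NOTE(review): $results still contains the password hash column;
            # unset it before storing unless something downstream needs it
            setSession('user', $results);
            # Store username (or use the one in the user array instead)
            setSession('username', $username);
            # Save the success message
            setMessage('You are now logged in', 'success');
            # Put in full domain using our constant
            redirect(BASE_URL.'/index.html');
        } else {
            $errors[] = "Wrong username/password combination";
        }
    }
}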