
session management: problem displaying username in the header

I am working on a simple login and logout module for my website without any security. I am using WAMP on a Windows XP machine. I create the session when a user submits the login information: it redirects to a process.php file, which creates the session variables and starts the session. Now, if the login is successful, the user is redirected to the welcome page, which includes a header file (which displays the header involving sign-in, logout and help options). The problem is that the header is not changing the sign-in link to logout after the user logs in successfully. The code below is from process.php, which initiates a login.

    $username = $_POST['username'];
    $password = $_POST['password'];

    //echo "{$username}:{$password}";
    $connection = mysql_connect("localhost","root","");
    if(!$connection)
    {
        die("Database Connection Failed".mysql_error());
    }
    $db_select = mysql_select_db("tester",$connection);
    if(!$db_select)
    {
        die("Database Selection Failed".mysql_error());
    }
    $result = mysql_query("SELECT * FROM user",$connection);
    if(!$result)
    {
        die("Database Selection Failed".mysql_error());
    }

    $q = "SELECT * FROM user " ."WHERE Name='".$username."' AND Password='".$password. "' ";
    // Run query
    $r = mysql_query($q);

    if ( $obj = @mysql_fetch_object($r) )
    {
        session_start();
        // Login good, create session variables
        $_SESSION["valid_id"] = session_id();
        $_SESSION["valid_user"] = $_POST["username"];
        $_SESSION["valid_time"] = time();

        Header('Location: welcome.php');

The following code is from header.php which is included in welcome.php

    </div>

    <div id = "userdetail">

        <?php

        if(isset($_SESSION["valid_user"]))
        {
            echo($_SESSION["valid_user"]." " ); 
             echo("<a href=logout.php>Logout</a>"); 

        }
        else
        {
            echo("<a href = login.php>Sign In</a>");
        }

        ?>

              | Help |  Search      

            <input type = "text" name = "searchbox" value = "" />
    </div>
</div>


You have to call start_session() every time on every called page. This should always be the first call you make in your pages.

On logout, call session_destroy.

Additionally, you should clear the $_SESSION variable:

    $_SESSION = array();

A coding tip: split your display stuff from the PHP code with a template engine like Smarty. Your code contains a SQL injection bug; see my comment on your post.

You should also use hashed passwords, and don't forget the salt. Do not store plain passwords in your database.

SQL injection
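
The answer's points put together, as an added example that is not part of the original question or answer (PHP's built-in function is named `session_start()`). It assumes PDO is available; the helper names and the `PasswordHash` column are hypothetical, and the in-memory SQLite table at the end is constructed demo data standing in for the MySQL database.

```php
<?php
// Added example; helper names and the PasswordHash column are assumptions.

// Call first on every page (process.php, welcome.php, logout.php), before any
// output, so that header.php can read $_SESSION.
function start_page_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Bound parameter instead of string concatenation; the stored value is a salted
// hash from password_hash(), checked with password_verify().
function authenticate(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT PasswordHash FROM user WHERE Name = :name');
    $stmt->execute([':name' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Run after authenticate() succeeds, then redirect and exit.
function log_in(string $username): void
{
    start_page_session();
    session_regenerate_id(true); // fresh session ID for the logged-in user
    $_SESSION['valid_user'] = $username;
    $_SESSION['valid_time'] = time();
}

// What header.php prints; the name is escaped before it goes into HTML.
function header_links(): string
{
    if (isset($_SESSION['valid_user'])) {
        $name = htmlspecialchars($_SESSION['valid_user'], ENT_QUOTES, 'UTF-8');
        return $name . ' <a href="logout.php">Logout</a>';
    }
    return '<a href="login.php">Sign In</a>';
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (Name TEXT PRIMARY KEY, PasswordHash TEXT)');
$pdo->prepare('INSERT INTO user VALUES (?, ?)')
    ->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);
var_dump(authenticate($pdo, 'alice', 's3cret'));  // correct password
var_dump(authenticate($pdo, "o'brien", 'x'));     // quote in input is treated as data
```

In welcome.php, `start_page_session()` has to run before header.php is included; that missing call is why the header never sees `$_SESSION["valid_user"]`.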
