I need help with PHP sessions
I want to create a personalized dashboard for every user and have created a login system.
I am using this code to redirect different users to different pages, but no matter what the username or password is, it is taking me into file1.php.
<?php
session_start();
if ($_SESSION['username'] == "google") {
header("location:file1.php");
}
else if ($_SESSION['username'] == "apple") {
header("location:page2.php");
}
else {
header("location:default.php");
}
?>
Here, Apple and Google are the usernames.
Here's the code that sets the session data.
$connect = @mysql_connect ($host, $username, $password) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password' ";
$result = mysql_query($sql);
$count = mysql_num_rows($resu开发者_如何学Golt);
if($count==1) {
session_register("username");
session_register("passsword");
header("location:dashboard.php");
} else {
echo "Username/Password does not match. Try Again.";
}
<?php
$host = "localhost";
$username = "USERNAME OF PHPMYADMIN";
$password = "PASS OF PHPMYADMIN";
$db_name = "membership";
$tbl_name = "users";
$connect = @mysql_connect ($host, $username, $password) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password' ";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1) {
session_register("username");
session_register("passsword");
header("location:dashboard.php");
}
else
{
echo "Username/Password does not match. Try Again.";
}
?>
tHIS IS THE Other code im using.
Wouldn't you need session_start();
on the page where you query for the username?
Assuming this code is in a separate page.
<?php
session_start();
$connect = @mysql_connect ($host, $username, $password) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password' ";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1) {
session_register("username");
session_register("passsword");
header("location:dashboard.php");
} else {
echo "Username/Password does not match. Try Again.";
}
?>
make double sure you are using two = signs. a single one will assign as opposed to eval.
also switch would be better
switch ($_SESSION['username']) {
case 'google':
$file='file1.php';
break;
case 'google':
$file='file2.php';
break;
default:
$file='default.php';
break;
}
header("location: $file');
Try doing a print_r on the session variable there may be other issues with your sessions.
<?= print_r($_SESSION['username']) ?>
You should be calling session_start()
before putting the username and password in session, and shouldn't be using session_register()
(as it's deprecated), just use the $_SESSION
global like so
session_start();
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
then on the next page do a start_session()
and var_dump($_SESSION);
and you can see what has been set in session
First of all, you really shouldn't be storing passwords in the database in plaintext. At very least, md5()
them or something.
Second of all, you should escape the values you put into the SQL query (or even better, use MySQLi's prepared statements, if your server has MySQLi enabled) to avoid SQL injections.
Third of all, debug statements do wonders. Have you tried printing out the value of $_SESSION['username']
immediately before the conditional? I have a hard time believing PHP's conditional processing or equality tests would mess up, so the value must be "google" for some reason. I think you'll need to track down assignments to $_SESSION['username']
in your code to try and figure out why.
精彩评论