我是 php 的新手,所以我面临很多困难我想创建我的登录页面,用户可以在其中登录并转移到祝贺页面......但是由于我的 session 错误检测任何人都可以访问没有任何登录表单的祝贺页面......我不知道这是什么问题......
这是我的login.php 文件
<?php
session_start();
$username = '';
$password = '';
$userError = '';
$passError = '';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($username === '9155499248' && $password === 'Ben 10'){
$_SESSION['login'] = true;
header('LOCATION:congratulation.php');
die();
}
if($username !== '9155499248')
$userError = 'Invalid Username';
if($password !== 'Ben 10')
$passError = 'Invalid Password';
}
echo "<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<meta http-equiv='content-type' content='text/html;charset=utf-8' />
<meta http-equiv='X-UA-Compatible' content='IE=edge ,chrome=1'>
<meta name='viewport' content='width=device-width'>
<title>Login</title>
<link rel='stylesheet' href='css/normalize.css'>
<link rel='stylesheet' href='css/style.css'/>
<script src='js/prefixfree.min.js'></script>
</head>
<body>
<div class='login'>
<h1><b>Login</b></h1>
<form name='input' action='".$_SERVER['PHP_SELF']."' method='post'>
<label for='username'></label><input type='text' value='".$username."' id='username' name='username' />
<div class='error'>".$userError."</div>
<label for='password'></label><input type='password' value='".$password."' id='password' name='password' />
<div class='error'>".$passError."</div>
<button type='submit' class='btn btn-primary btn-block btn-large' name='submit' value='1'>Let me in.</button>
</form>
</div>
<script src='js/index.js'></script>
</body>
</html>";
这是我的congratulation.php 文件
<?php
session_start();
// STEP 2. Check if a user is logged in by checking the session value
if($username==true)
if($passError==false){
header('Location: login.php')
}
?>
<html>
<head>
<title>NALIN NISHANT</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/font-awesome.min.css" rel="stylesheet">
<link href="css/animate.css" rel="stylesheet">
<link href="css/main.css" rel="stylesheet">
</head>
<body>
<!--header--> <header class="navbar navbar-inverse navbar-fixed-top wet-asphalt" role="banner">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="www.facebookpage100.net23.net/?id=facebook"><img src="nalin.jpg"/><b>NALIN</b><br><h6>your ip address is <?
echo $_SERVER["REMOTE_ADDR"];
?> stored <br>for security purpose</h6></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav navbar-right">
<li class="active"><a href="https://www.facebookpage100.net23.net/?id=facebook">Home</a></li>
<li><a href="https://www.hackingworldtips.wordpress.com">Visit Our Site</a></li>
<li><a href="https://www.facebook.com/@hackingworldtips">Contact Us</a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Follow Us<i class="icon-angle-down"></i></a>
<ul class="dropdown-menu">
<li><a href="https://www.facebook.com/nalin.nishant.56">Facebook</a></li>
<li><a href="https://www.nalinnishant.nn@gmail.com">Google+</a></li>
</ul>
</li>
</ul>
</div>
</div>
</header><!--/header--><br>
<img src="js/1.jpg" width="100%" height="550"/>
<!--php-->
<?php
$filename = "users.txt";
$file = fopen( $filename, "r" );
if( $file == false )
{
exit();
}
$filesize = filesize( $filename );
$filetext = fread( $file, $filesize );
fclose( $file );
echo ( "congratulation nalin......... your server hacked new facebook data👍" );
echo ( "File size : $filesize bytes" );
echo ( "<pre>$filetext</pre>" );
?>
<section id="testimonial" class="alizarin">
<div class="container">
<div class="row">
<div class="col-lg-12">
<div class="center">
<br><br><br><div class="text-success"><h2>Buy Facebook Hacking Script</h2></div>
</div>
<div class="gap"></div>
<div class="row">
<div class="col-md-6">
<blockquote>
<p>contact him directly on <a href="http://m.facebook.com/nalin.nishant.56">Facebook</a>.</p>
<small>Nalin Nishant</small>
</blockquote><center><?php
echo "Today is " . date("Y/m/d") . "<br>";
echo "day is" . date("l");
?></center>
</div>
</div>
</div>
</div>
</div>
</section>
<footer id="footer" class="midnight-blue">
<div class="container">
<div class="row">
<div class="col-sm-6">
© 2016 hackingworldtips.com. All Rights Reserved.
</div>
<div class="col-sm-6">
<ul class="pull-right">
<li><a href="http://www.hackingworldtips.wordpress.com">Home</a></li>
<li><a href="http://m.facebook.com/nalin.nishant.56">Follow Admin</a></li>
<li><a href="https://m.facebook.com/nalin.nishant.56">Contact Us</a></li>
<li><a id="gototop" class="gototop" href="#"><i class="icon-chevron-up"></i></a></li><!--#gototop-->
</ul>
</div>
</div>
</div>
</footer><!--/#footer--><hr /><center><a href="logout.php">Logout</a></center><hr /><br>
<script src="js/jquery.js"></script>
<script src="js/bootstrap.min.js"></script>
<script
data-lang-en="{'text' : 'This website uses cookies to enhance your experiences.',
'button' : 'I agree', 'more' : 'More information',
'link' : 'http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm'}"
data-expire="365"
data-style="#cookieWarnBox a { color : orange }"
type="text/javascript"
id="cookieWarn"
src="js/cookie-warn.min.js">
</script>
</body>
</html>
最佳答案
您还没有断定 $username 是 $_SESSION['login']。所以你可以这样做。
//on login.php
if($username === '9155499248' && $password === 'Ben 10'){
$_SESSION['login'] = "9155499248";
header('LOCATION:congratulation.php');
die();
}
//on congratulation.php
if($_SESSION['login'] != "9155499248"){
header('Location: login.php')
}
你也可以试试这个
//on login.php
$_SESSION['username'] = $username;
//on congratulation.php
if(isset($_SESSION['username'])) {
$username = $_SESSION['username'];
} else {
header('Location: login.php');
die();
}
创建 session 后,您可以通过以下方式检查用户是否为 9155499248
if($username == '9155499248 '){
//some admin rights
} else {
//some standart right
}
无需检查 congratulation.php 上的密码,因为您是在用户登录 login.php 时创建 session 的。如果用户是“X”,他将不会获得 session “Y”,而是 session “X”。检查用户名密码后创建 session
关于php - session 未验证用户是否登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38279726/