所以我在 php 中遇到了代码问题,这让我发疯.. 问题是,我正在制作登录页面,并且我有index.php、login.php 和dashboard.php。 登录表单位于index.php中,在login.php中它检查用户是否在数据库中,以及是否将用户重定向到dashboard.php,但是当我输入正确的用户并通过时,它会将我重定向到index.php而不是dashboard .php??
登录.php
<?php
session_start();
include($_SERVER['DOCUMENT_ROOT'] . "/new_cms/includes/db.php");
$username = $_POST['username'];
$password = $_POST['password'];
$btn = $_POST['submit'];
if(isset($btn)){
if(empty($username) || empty($password)){
echo "You must fill all fields";
}else{
$sql = "SELECT * FROM admins WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($dbconn, $sql);
$rows = mysqli_num_rows($query);
if($rows > 0){
$_SESSION['usr'] = $rows['password'];
header("Location: dashboard.php");
}else{
echo "Invalid login";
}
}
}
?>
仪表板.php
<?php
session_start();
include($_SERVER["DOCUMENT_ROOT"] . "/new_cms/includes/db.php");
include($_SERVER["DOCUMENT_ROOT"] . "/new_cms/admin/login.php");
if(!isset($_SESSION['usr'])){
header("Location: index.php");
}else{
echo "Welcome";
}
?>
我做错了什么?
最佳答案
$rows 只是一个数字,而不是数组,因为您使用了 mysqli_num_rows。您仍然尝试获取 $rows['password']。
相反,获取结果的第一行并使用它分配给 session 变量。
if(isset($btn)){
if(empty($username) || empty($password)){
echo "You must fill all fields";
}else{
$sql = "SELECT * FROM admins WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($dbconn, $sql);
$rows = mysqli_num_rows($query);
if($rows > 0){
$user = mysqli_fetch_assoc($query);
$_SESSION['usr'] = $user['password'];
header("Location: dashboard.php");
}else{
echo "Invalid login";
}
}
}
关于php - session 使用不当?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46214353/