登录后PHP登录脚本重定向不起作用

PHP login script redirection not working after login

本文关键字:重定向 不起作用 登录脚本 PHP 登录      更新时间:2023-09-26

我发现并修复了一点,我对PHP不太好,但任何改进都是受欢迎的。

问题是,有时在Chrome和Opera中,但只有在登录成功后,脚本才会在5秒后重定向到欢迎页面,并使用javascript重定向。但有时它会被卡住,不重定向,只是显示一个白色页面而没有错误,其他时候它会重定向并运行良好。它可能是什么?

这是代码

<?php session_start();?>
<?php
include 'inc/connection.php';
$db=mysqli_connect($dbserver, $dbuser, $dbpass, $dbname)or die("DB connection error...");
$username_to_sanitize = $_POST['username'];
$password_to_sanitize = $_POST['password'];
$sanitized_username = mysqli_real_escape_string($db, $username_to_sanitize);
$sanitized_password = mysqli_real_escape_string($db, $password_to_sanitize);
$query = "SELECT password, salt, privilege, username FROM members WHERE username = '$sanitize_username'";
$result = mysqli_query($db, $query);
if(mysqli_num_rows($result) == 0) // User not found. Redirected to login page.
{header('Location:login.php?message=Username not found, please try again');}
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $sanitized_password) );
if($hash != $userData['password']) // Incorrect passw. Redirected to login page.
{header('Location:error.php?message=Wrong password, please try again');}
else if($userData['privilege']=="ADMIN"){session_start();
$_SESSION['username']=$userData['username'];
header('Location:redirection.php?URL=admins/index.php');}
else if($userData['privilege']=="MODERATOR"){session_start();
$_SESSION['username']=$userData['username'];
header('Location:redirection.php?URL=moderators/index.php');}
else if($userData['privilege']=="MEMBER"){session_start();
$_SESSION['username']=$userData['username'];
header('Location:redirection.php?URL=members/index.php');}
else if($userData['privilegio']=="BANNED"){session_start();
$_SESSION['username']=$userData['username'];
header('Location:redirection.php?URL=banned/index.php');}
else{
header('Location:error.php?message=su need privileges to acces this site');
exit();
}
?>

在阅读并测试了互联网上发现的新脚本后,我仍然无法在2个月后解决这个问题。知道吗?

你的代码中有很多重复,这很糟糕,因为你重复的每个地方都意味着你需要在更新代码时更改它,这意味着以后会有更多的地方出现bug。

为了提供帮助,我只放入了一个session_start(),并将if/elseif/elseif/elseif...转换为switch语句。

我没有处理位置头本身,而是用http_redirect函数替换了它们,它基本上是为您完成的。要启动,它会为您编码URL,所以您不必担心这一点。

如果您一直看到一个空白页面,那么您应该检查Web服务器的日志(apache或nginx或php-fpm,或者其他什么),看看是否存在错误。否则,打开更好的错误报告;空白页通常只是未报告的错误。

<?php 
session_start();
include 'inc/connection.php';
$db = mysqli_connect($dbserver, $dbuser, $dbpass, $dbname) or die('DB connection error...');
$sanitized_username = mysqli_real_escape_string($db, $_POST['username']);
$sanitized_password = mysqli_real_escape_string($db, $_POST['password']);
$query = "SELECT password, salt, privilege, username FROM members WHERE username = '$sanitized_username'";
$result = mysqli_query($db, $query);
if (mysqli_num_rows($result) == 0) {
    // User not found. Redirected to login page.
    http_redirect('login.php', array('message' => 'Username not found, please try again'), true);
}
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $sanitized_password) );
if($hash != $userData['password']) {
    // Incorrect passw. Redirected to login page.
    http_redirect('error.php', array('message' => 'Wrong password, please try again'), true);
}
// Just set the username once
$_SESSION['username'] = $userData['username'];
switch ( $userData['privilege'] ) :
    case 'ADMIN':
        http_redirect('redirection.php', array('URL' => 'admins/index.php'), true);
        break;
    case 'MODERATOR' :
        http_redirect('redirection.php', array('URL' => 'moderators/index.php'), true);
        break;
    case 'MEMBER' :
        http_redirect('redirection.php', array('URL' => 'members/index.php'), true);
        break;
    case 'BANNED' :
        http_redirect('redirection.php', array('URL' => 'banned/index.php'), true);
        break;
    default:
        // The message is weird. Should it be:
        // 'You need privileges to access this site' or something like that?
        http_redirect('error.php', array('message' => 'su need privileges to acces this site'), true);
        break;
endswitch;
http_redirect('error.php', array('message' => 'su need privileges to acces this site'), true);
?>
相关文章: