这是什么问题？

kbchong

我想写一个login的程序，

<?php virtual('/school/smm/Connections/smm.php'); ?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['login'])) {
  $loginUsername=$_POST['login'];
  $password=$_POST['pass'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "test5.php";
  $MM_redirectLoginFailed = "test.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_smm, $smm);
  
  $LoginRS__query=sprintf("SELECT login, pass FROM Tlogin WHERE login='%s' AND pass='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
   
  $LoginRS = mysql_query($LoginRS__query, $smm) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
   
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;         

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];   
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" c />
<title>Untitled Document</title>
</head>


<form>


<body>
<form id="form1" name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
  <label></label>
  <input name="login" type="text" />
  <input type="text" name="pass" />
  <label>
  <input type="submit" name="Submit" value="Submit" />
  </label>
</form>
</body>
</html>

可是当我用IE游览的时候却出现。。

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent in /home/fuqicm/domains/fuqi.com.my/public_html/school/smm/login.php on line 14

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/fuqicm/domains/fuqi.com.my/public_html/school/smm/login.php:14) in /home/fuqicm/domains/fuqi.com.my/public_html/school/smm/login.php on line 544503152

请问是什么问题，要怎样解决？谢谢大家！

ikanyuchiew

session_start 之前不可以有任何output

<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start
}
virtual('/school/smm/Connections/smm.php');

.........

改成这样看行不行，很久没动php,希望可以帮到你

[ 本帖最后由 ikanyuchiew 于 14-5-2007 03:19 PM 编辑 ]

kbchong

问题解决，但是不能SUBMIT、。。。。
按了SUBMIT没有作用！！！

ikanyuchiew

确定 submit后，program有执行在以下这condition内吗？

if (isset($_POST['login'])) {

｝

kbchong

没用，看看哪里出错了！！
能不能帮我。。。写一个比较基本的。。谢谢！！

ikanyuchiew

去google找找吧，用keyword "simple php login script"搜索

kbchong

Warning: session_register() [function.session-register]: Cannot send session cookie - headers already sent by (output started at /home/.................smm/checklogin.php:9) in /home............checklogin.php on line 33

请问这是什么意思，要怎样修改？
谢谢！！

ikanyuchiew

将checklogin.php的source放出来，因为要看你的session_register怎么放。。。尤其是line 9

session_register已经不鼓励用了吧 ...

建议你找更好的source code来参考

kbchong

能给点建议吗？
<?php
$host="localhost"; // Host name
$username="123"; // Mysql username
$password="12342"; // Mysql password
$db_name="db"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
//header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
</body>
</html>

还有什么更好的方法写login呢？
谢谢！！

ikanyuchiew

</body>
</html>

最后两行为什么是关的？难道最上面还有<html><body>开的tag???如果是有的话，session_register就不能走了

其实你已经懂写了啊，只是没有做encryption还有SQL injection ...

你的code应该没有问题

kbchong

请问要怎样做encryption还有SQL injection ...

kbchong

</body>
</html>

最后两行为什么是关的？难道最上面还有<html><body>开的tag???如果是有的话，session_register就不能走了

请问这个要怎样解决？

ikanyuchiew

</body>
</html>

最后两行为什么是关的？难道最上面还有<html><body>开的tag???如果是有的话，session_register就不能走了

请问这个要怎样解决？

意思是你有这么放？
直接这样解决

<?php

?>
<html>
  <body>
  </body>
</html>


.......................................................

encryption,
如果你用<= php4,可以选择md5();
php5,可以选择 sha1()
自己到这里搜索吧 http://www.php.net/quickref.php

当register时，你就要encrypt用户的password,然后save进database..

当login时，就encrypt当前的password然后和database内已经encrypted 过的password做比较

..........................................................

至于防sql injection,你之前的code就有做防范工作了

  $LoginRS__query=sprintf("SELECT login, pass FROM Tlogin WHERE login='%s' AND pass='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

当中不明白的function,就请到 http://www.php.net/quickref.php 里了解吧

kbchong

谢谢，我已成功啦。。。谢谢大家的帮忙！！！
我看我还要继续努力。。。。