这是我的登录.php
<?php
session_start();
require_once('db_connection.php');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT id, username, full_name FROM users WHERE username = ? AND password = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 1) {
$user = $result->fetch_assoc();
$_SESSION['user_id'] = $user['id'];
header("Location: profile.php");
exit;
} else {
$error_message = "Invalid username or password.";
}
}
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login - Diary Website</title>
</head>
<body>
<h1>Login</h1>
<form method="post" action="login_process.php">
<label for="username">Username:</label>
<input type="text" name="username" id="username" required><br>
<label for="password">Password:</label>
<input type="password" name="password" id="password" required><br>
<input type="submit" value="Login">
</form>
</body>
</html>
这是我的login_process.php
<?php
session_start();
require_once('db_connection.php'); // Include the file that contains your database connection details.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
// Validation and sanitation
$username = filter_var($username, FILTER_SANITIZE_STRING);
// Check for empty username
if (empty($username)) {
header("Location: login.php?error=empty_username");
exit;
}
// Check the user's credentials in the database.
$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 1) {
$user = $result->fetch_assoc();
if (password_verify($password, $user['password'])) {
// Password matches, user is authenticated.
$_SESSION['user_id'] = $user['id'];
// Redirect to the landing page (profile.php).
header("Location: profile.php");
exit;
} else {
// Incorrect password.
header("Location: login.php?error=incorrect");
exit;
}
} else {
// User does not exist.
header("Location: login.php?error=notfound");
exit;
}
} else {
// Handle cases where the request method is not POST.
header("Location: login.php");
exit;
}
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
?>
这是我的个人资料.php
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
// If the user is not logged in, redirect them to the login page.
header("Location: login.php");
exit;
}
require_once('db_connection.php'); // Include the file that contains your database connection details.
$user_id = $_SESSION['user_id'];
// Retrieve user profile information from the database.
$sql = "SELECT full_name, nickname, age, creation_date FROM users WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $user_id);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 1) {
$user = $result->fetch_assoc();
} else {
// Handle the case where the user's profile is not found (e.g., database error).
echo "Error: Unable to retrieve user profile. Please try again later.";
}
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
?>
<!DOCTYPE html>
<html>
<head>
<title>User Profile - Diary Website</title>
</head>
<body>
<h1>User Profile</h1>
<a href="diary_form.php">Write a Diary Entry</a>
<a href="logout.php">Log out</a>
<h2>Profile Information</h2>
<?php if (isset($user)) : ?>
<p><strong>Full Name:</strong> <?php echo $user['full_name']; ?></p>
<p><strong>Nickname:</strong> <?php echo $user['nickname']; ?></p>
<p><strong>Age:</strong> <?php echo $user['age']; ?></p>
<p><strong>Account Created On:</strong> <?php echo $user['creation_date']; ?></p>
<?php endif; ?>
</body>
</html>
这是我第一次在这里提问。我希望你可以帮助我。我是一名大学生,计划使用 xampp 的 phpmyadmin 数据库创建一个日记网站
我确实寻找chatgpt推荐的答案,但它不起作用,而且无法查明问题。所以如果这里有php开发人员,请帮忙。谢谢
您确定它停留在登录页面上,而不是从 profile.php 重定向回登录页面吗?
另外,如果在登录页面上有login_process.php的表单流程,那么登录页面顶部的PHP代码的用途是什么?
我猜它的作用正如罐头上所说的那样,只是你没有看到发生了什么。
您的登录页面将定向到login_process并使用$_POST数组,但随后会转到配置文件,该配置文件也尝试使用$_POST数组(现在为空),并且由于无法使用它,因此重定向回登录页面。
HTH