2017-07-04
0

Admin login does not work

I have an admin login script that starts the session after a successful login. The problem is that it logs us in correctly and redirects us to index.php, but at index.php it says "Your login session data is not on record in the database."

<?php 
// This file is www.developphp.com curriculum material 
// Written by Adam Khoury January 01, 2011 
// http://www.youtube.com/view_play_list?p=442E340A42191003 
session_start(); 
if (!isset($_SESSION["manager"])) { 
    header("location: admin_login.php"); 
    exit(); 
} 
// Be sure to check that this manager SESSION value is in fact in the database 
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters 
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters 
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters 
// Run mySQL query to be sure that this person is an admin and that their password session var equals the database information 
// Connect to the MySQL database 
include "../storescripts/connect_to_mysql.php"; 
$sql = mysqli_query($conn,"SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person 
// ------- MAKE SURE PERSON EXISTS IN DATABASE --------- 
$existCount = @mysqli_num_rows($conn,$sql); // count the row nums 
if ($existCount == 0) { // evaluate the count 
    echo "Your login session data is not on record in the database."; 
    exit(); 
} 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Store Admin Area</title> 
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> 
</head> 

<body> 
<div align="center" id="mainWrapper"> 
    <?php include_once("../template_header.php");?> 
    <div id="pageContent"><br /> 
    <div align="left" style="margin-left:24px;"> 
     <h2>Hello store manager, what would you like to do today?</h2> 
     <p><a href="inventory_list.php">Manage Inventory</a><br /> 
     <a href="#">Manage Blah Blah </a></p> 
    </div> 
    <br /> 
    <br /> 
    <br /> 
    </div> 
    <?php include_once("../template_footer.php");?> 
</div> 
</body> 
</html> 

My admin_login.php

<?php 
// This file is www.developphp.com curriculum material 
// Written by Adam Khoury January 01, 2011 
// http://www.youtube.com/view_play_list?p=442E340A42191003 
session_start(); 
if (isset($_SESSION["manager"])) { 
    header("location: index.php"); 
    exit(); 
} 
?> 
<?php 
// Parse the log in form if the user has filled it out and pressed "Log In" 
if (isset($_POST["username"]) && isset($_POST["password"])) { 

    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters 
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters 
    // Connect to the MySQL database 
    include "../storescripts/connect_to_mysql.php"; 
    $sql = mysqli_query($conn,"SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person 
    // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- 
    $existCount = mysqli_num_rows($sql); // count the row nums 
    if ($existCount == 1) { // evaluate the count 
     while($row = mysql_fetch_array($sql)){ 
      $id = $row["id"]; 
     } 
     $_SESSION["id"] = $id; 
     $_SESSION["manager"] = $manager; 
     $_SESSION["password"] = $password; 
     header("location: index.php"); 
     exit(); 
    } else { 
     echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; 
     exit(); 
    } 
} 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Admin Log In </title> 

</head> 

<body> 
<div align="center" id="mainWrapper"> 

    <div id="pageContent"><br /> 
    <div align="left" style="margin-left:24px;"> 
     <h2>Please Log In To Manage the Store</h2> 
     <form id="form1" name="form1" method="post" action="admin_login.php"> 
     User Name:<br /> 
      <input name="username" type="text" id="username" size="40" /> 
     <br /><br /> 
     Password:<br /> 
     <input name="password" type="password" id="password" size="40" /> 
     <br /> 
     <br /> 
     <br /> 

     <input type="submit" name="button" id="button" value="Log In" /> 

     </form> 
     <p>&nbsp; </p> 
    </div> 
    <br /> 
    <br /> 
    <br /> 
    </div> 
    <?php include_once("../template_footer.php");?> 
</div> 
</body> 
</html> 
+1

If you really have spaces BEFORE the ' – RiggsFolly

+0

If you look in your PHP error log, you will probably see messages that say just that – RiggsFolly

+0

If you need to clean data, I suggest you do it BEFORE you store it in the session and not when you get it out of the session. But anyway, please read [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly

Answer

0

All the data in the session is written by your code, not from user input, so I don't think you need REGEX on it; a password may contain special characters, and this would then fail.

Simply replace

$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters

with

$managerID = $_SESSION["id"];
$manager = $_SESSION["manager"];
$password = $_SESSION["password"];
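Beyond dropping the regex, the comments above point at the bigger issues in both files: credentials are interpolated straight into SQL, and the plaintext password is kept in the session and compared against a plaintext column. The following is an added example, not code from the thread or from the developphp.com course, showing how the login check and the per-page session check look with mysqli prepared statements, a hashed password column and a session that holds only the manager's id. It assumes an `admin` table with columns `id`, `username` and `password_hash` (the output of `password_hash()`, PHP 5.5 or later), and that `$conn` is the mysqli connection opened by connect_to_mysql.php.

```php
<?php
// Added example (not from the original thread). Assumptions: table `admin`
// has columns id, username, password_hash; $conn is a mysqli connection.

// admin_login.php: verify the submitted credentials and store only the id.
function admin_login(mysqli $conn, string $username, string $password): bool
{
    // A prepared statement keeps user input out of the SQL text, so no
    // regex "cleaning" is needed and any characters are allowed.
    $stmt = $conn->prepare('SELECT id, password_hash FROM admin WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();
    $stmt->close();

    // Compare against the stored hash; the plaintext is never stored anywhere.
    if (!$found || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);        // new session id after login (fixation defence)
    $_SESSION['id'] = (int) $id;        // the id alone identifies the manager
    return true;
}

// index.php: confirm the id in the session still belongs to an admin row.
// The password is not needed here, so it is not kept in the session at all.
function session_is_admin(mysqli $conn): bool
{
    if (!isset($_SESSION['id'])) {
        return false;
    }
    $id = (int) $_SESSION['id'];
    $stmt = $conn->prepare('SELECT 1 FROM admin WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->store_result();
    $found = ($stmt->num_rows === 1);   // row count comes from the statement, not $conn
    $stmt->close();
    return $found;
}

// Usage in admin_login.php, after session_start() and the connect include:
// if (isset($_POST['username'], $_POST['password'])
//     && admin_login($conn, $_POST['username'], $_POST['password'])) {
//     header('Location: index.php');
//     exit();
// }
```

In index.php the existing `if ($existCount == 0)` block becomes `if (!session_is_admin($conn))`, and the `$manager`/`$password` session reads disappear entirely.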

+0

Parse error: syntax error, unexpected ''', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /storage/ssd3/410/2129410/public_html/storeadmin/admin_login.php on line 19 –

+0

@AhadAmanHunzai updated, easier to understand –

+0

replace them with what –