0
Ich bin zur Zeit einige Probleme mit mit einer Webseite erstellen, die nur zugänglich ist, wenn ein Benutzer angemeldet hat.Webseite nur zugänglich, wenn in (PHP) angemeldet
Ich habe hier verschiedene Themen durchgesehen, aber ohne Erfolg . Jede Hilfe mit diesem würde sehr geschätzt werden.
Hier ist mein Code:
login.php
<?php
Include('connect.php');
if (isset($_REQUEST['Submit']))
{
if($_REQUEST['user_id']=="" || $_REQUEST['password']=="")
{
echo " Field must be filled";
}
else
{
$sql1= "select * from student where email= '".$_REQUEST['user_id']."' && password ='".$_REQUEST['password']."'";
$result=mysql_query($sql1)
or exit("Sql Error".mysql_error());
$num_rows=mysql_num_rows($result);
if($num_rows>0)
{
session_start($_SESSION['Login']);
Echo "You have logged in successfully";
header("Location: statistics.html");
}
else
{
echo "Wrong username or password.";
}
}
}
?>
<!DOCTYPE html>
<html class="no-js">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>PHP Login Form</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width">
<link rel="stylesheet" href="css/bootstrap.css">
<link rel="stylesheet" href="css/main.css">
</head>
<body>
<div class="container">
<div class="row" style="margin-top:20px">
<div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
<form name="form_login" method="post" action="login.php" role="form">
<fieldset>
<h2>Please Sign In</h2>
<hr class="colorgraph">
<div class="form-group">
<input name="user_id" type="text" id="user_id" class="form-control input-lg" placeholder="Email Address">
</div>
<div class="form-group">
<input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password">
</div>
<span class="button-checkbox">
<button type="button" class="btn" data-color="info">Remember Me</button><!-- Additional Option -->
<input type="checkbox" name="remember_me" id="remember_me" checked="checked" class="hidden">
<hr class="colorgraph">
<div class="row">
<div class="col-xs-6 col-sm-6 col-md-6">
<input type="submit" name="Submit" value="Login" class="btn btn-lg btn-success btn-block">
</div>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</body>
</html>Und statistics.html (Seite, die nur zugänglich sein sollte, wenn angemeldet)
<?php
include ("login.php")
\t session_start();
\t if(!isset($_SESSION['Login']))
\t {
\t header("Location:login.php");
\t die();
\t }
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
\t <title>Personal Website</title>
\t <link rel="stylesheet" href="../../CSS/stylesheetmain.css">
\t <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">
\t <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css">
\t </head>
\t \t <body>
\t \t \t <!--Navigation Bar-->
\t \t \t <div class="row">
\t \t \t \t <div class="darkgrey column col-md-8 col-md-offset-2 col-xs-12 col-s-12">
\t \t \t \t \t <nav class="navbar navbar-background-color">
\t \t \t \t \t <div class="container-fluid">
\t \t \t \t \t <div class="navbar-header">
\t \t \t \t \t <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1"><!--Reference: Bootstrap, 2015. getbootstrap.com. [Online] Available at: http://getbootstrap.com/ [Accessed 01 April 2015]-->
\t \t \t \t \t <span class="sr-only">Toggle navigation</span>
\t \t \t \t \t <span class="icon-bar"></span>
\t \t \t \t \t <span class="icon-bar"></span>
\t \t \t \t \t <span class="icon-bar"></span>
\t \t \t \t \t </button>
\t \t \t \t \t <a class="navbar-brand" href="../index.html"></a>
\t \t \t \t \t </div>
\t \t \t \t \t <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
\t \t \t \t \t <ul class="nav navbar-nav navbar-right">
<li class="active"><a href="../index.html">Home</a></li><!--Edits made: Removed active button -->
<li><a href="AboutMe.html">About Me</a></li>
<li><a href="Blog.html">Blog</a></li>
<li><a href="ContactMe.html">Contact Me</a></li>
<li><a href="Login.html">Login</a></li>
</ul>
\t \t \t \t \t </div><!-- /.navbar-collapse -->
\t \t \t \t \t </div><!-- /.container-fluid -->
\t \t \t \t \t </nav>
\t \t \t \t </div>
\t \t \t </div>
\t \t \t <div class="row">
\t \t \t \t <div class="navbarbottom column col-md-8 col-md-offset-2 col-xs-12 col-s-12"></div>
\t \t \t </div>
\t \t \t <!--Page Title-->
\t \t \t <div class="row">
\t \t \t \t <div class="title mediumbluetext col-md-8 col-md-offset-2 col-xs-0 col-s-0">
\t \t \t \t \t <center><h1>Statistics</h1></center>
\t \t \t \t </div>
\t \t \t </div>
\t \t \t <!--Main Body-->
\t \t \t <div class="row">
\t \t \t \t <!--Left Column Spacer-->
\t \t \t \t <div class="maintextleftbackground column col-md-2 col-xs-0 col-s-0">
\t \t \t \t \t <script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-52f8f8c0164b330f" async="async"></script>
\t \t \t \t </div>
\t \t \t \t <!--Middle Column-->
\t \t \t \t <div class="maintext80 column col-md-8 col-xs-12 col-s-8 col-s-offset-2"><br>
\t \t \t \t \t <div id="main-chart-container"></div>
\t \t \t \t \t <div id="breakdown-chart-container"></div>
\t \t \t \t \t <div id="embed-api-auth-container"></div>
\t \t \t \t \t <div id="view-selector-container"></div>
\t \t \t \t </div>
\t \t \t \t <!--Right Column Spacer-->
\t \t \t \t <div class="maintextrightbackground column col-md-2 col-xs-0 col-s-0">
\t \t \t \t </div>
\t \t \t </div>
\t \t \t <!--Footer Bar-->
\t \t \t <div class="row">
\t \t \t \t <div class="darkgrey column col-md-8 col-md-offset-2 col-xs-12 col-s-12">
\t \t \t \t \t <nav class="navbar-background-color">
\t \t \t \t \t \t <div class="container-fluid">
\t \t \t <p class="navbar-text navbar-right"><a href="../SiteMap/SiteMap.html" class="navbar-link">SiteMap</a></p>
\t \t \t \t \t \t </div>
\t \t \t \t \t </nav>
\t \t \t \t </div>
\t \t \t </div>
\t <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
\t \t <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
\t \t <script>
\t \t \t (function(w,d,s,g,js,fs){
\t \t \t g=w.gapi||(w.gapi={});g.analytics={q:[],ready:function(f){this.q.push(f);}};
\t \t \t js=d.createElement(s);fs=d.getElementsByTagName(s)[0];
\t \t \t js.src='https://apis.google.com/js/platform.js';
\t \t \t fs.parentNode.insertBefore(js,fs);js.onload=function(){g.load('analytics');};
\t \t \t }(window,document,'script'));
\t \t </script>
</body> \t
</html>Egal was ich versuche, ich kann nicht scheinen, um den Code zu arbeiten. Die Dateien befinden sich ebenfalls im selben Verzeichnis.
Jede Hilfe mit diesem würde sehr geschätzt werden.
Ihr Code ist anfällig für SQL-Injection-Angriffe. Sie sollten [mysqli] (http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) oder [PDO] (http://php.net/manual/en/pdo.prepared-) verwenden. Statements.php) vorbereitete Anweisungen wie in [dieser Beitrag] (http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) beschrieben. –
Die 'mysql_ *' Funktionen sind ab PHP v5.5 veraltet und wurden ab v7.0 entfernt. Sie sollten nicht für neuen Code verwendet werden und sollten für [mysqli] (http://php.net/manual/en/book.mysqli.php) oder [PDO] (http://php.net/manual) getauscht werden /de/book.pdo.php) Äquivalente so schnell wie möglich. –