php – 不推荐使用:函数session_register()已弃用,无法修改标头
发布时间:2020-12-13 22:03:55 所属栏目:PHP教程 来源:网络整理
导读:我使用sql创建了一个简单的登录系统 它有4个主要组成部分 index -asks用于用户名和密码 checklogin – 检查凭据 logsuccess 主页 – 登录成功后的登陆页面 产生的错误在帖子的末尾给出 Index.php asks for username and pass !DOCTYPE HTML PUBLIC "-//W3C//
|
我使用sql创建了一个简单的登录系统
它有4个主要组成部分 产生的错误在帖子的末尾给出 Index.php asks for username and pass
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Nottingham Uni</TITLE>
<script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script>
<script type="text/javascript" src="js/process.js"></script>
<link rel="stylesheet" type="text/css" href="style.css" />
</HEAD>
<BODY>
<center>
<div id="intro">
<p> </p>
<p><img align="absmiddle" src="images/nott-uni-logo.jpg"></p>
</div>
<div id="status">
<fieldset><legend align="center">Authentication</legend>
<div id="login_response"><!-- spanner --></div>
<form id="login" name="login" method="post" action="checklogin.php">
<table align="center" width="300" border="0">
<tr>
<td width="80">Username</td><td><input id="name" type="text" name="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td><input id="submit" type="submit" name="submit" value="Login">
</tr>
</table>
</form>
</fieldset>
</div>
</center>
</BODY>
</HTML>
checklogin.php checks for the credentials
<?php
$link = mysql_connect('www.xxxxx.com','xxxxxx','xxxxxx');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("brainoidultrafb",$link);
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM logintbl WHERE stu_email='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword,table row must be 1 row
if($count==1){
// Register $myusername,$mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
If its success it goes to homepage.php
logsuccess.php is below
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:homepage.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
these codes are give in the following errors
Deprecated: Function session_register() is deprecated in /home/content/58/9508458/html/pabrowser/checklogin.php on line 29
Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/content/58/9508458/html/pabrowser/checklogin.php:29) in /home/content/58/9508458/html/pabrowser/checklogin.php on line 29
Deprecated: Function session_register() is deprecated in /home/content/58/9508458/html/pabrowser/checklogin.php on line 30
Warning: Cannot modify header information - headers already sent by (output started at /home/content/58/9508458/html/pabrowser/checklogin.php:29) in /home/content/58/9508458/html/pabrowser/checklogin.php on line 31
解决方法
而不是做:
session_register("myusername");
session_register("mypassword");
你可以简单地做: session_start(); $_SESSION['username'] = 'something'; $_SESSION['password'] = 'something'; 要检查是否设置了用户名,您可以执行以下操作: session_start();
if(!isset($_SESSION['username'])){
// not logged in
}
请注意,我的检查/初始化正上方有session_start()函数.在您的代码中,您可能希望将其添加到脚本的顶部以防止“Headers already sent by PHP” message. 另外,请不要将mysql_ *函数用于新代码.他们不再维护,社区已经开始了deprecation process.见red box?相反,您应该了解prepared statements并使用PDO或MySQLi.如果您无法决定,this article将有助于选择.如果你想学习,here is a good PDO tutorial. 关于你的代码的最后一件事.看起来你没有properly hash的密码,这被认为是不好的做法.如果攻击者获取了您的数据库,您可以向数据库中的人员做一些解释(例如,您必须告诉他们攻击者获得了所有密码). (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |