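<?php
/**
 * Login page: checks the submitted username/password against the match_user
 * table, records the user in the session and in two 30-day cookies, and then
 * redirects to mismatch_index.php. Shows the login form when nobody is logged in.
 *
 * NOTE(review): $_SESSION is used here but session_start() is not called in this
 * file - presumably comment/header.php starts the session; confirm.
 * NOTE(review): setcookie() and header() only work before any output is sent.
 * comment/header.php is included first, so this page presumably relies on output
 * buffering; confirm.
 */
$title = "Log In";
require_once('comment/header.php');
$error_msg = '';

// Check whether the user is already logged in.
if (!isset($_SESSION['user_id'])) {
    if (isset($_POST['submit'])) {
        require_once('dbc.php');

        // Raw (trimmed) form values. They are passed to the database as bound
        // parameters below, so they are not SQL-escaped here.
        $username = isset($_POST['username']) ? trim((string) $_POST['username']) : '';
        $password = isset($_POST['password']) ? trim((string) $_POST['password']) : '';

        // Compare against '' rather than empty(): empty('0') is true, which
        // would reject a username or password of "0".
        if ($username !== '' && $password !== '') {
            // Parameterized query: the values never become part of the SQL text,
            // so correctness does not depend on the connection charset the way
            // mysqli_real_escape_string() does.
            // NOTE(review): SHA() is unsalted SHA-1 and is too fast for password
            // storage. Moving to password_hash()/password_verify() needs a schema
            // and data migration, so it is not changed here.
            $stmt = mysqli_prepare(
                $dbc,
                'select user_id, username from match_user where username = ? and password = SHA(?)'
            );

            if ($stmt === false) {
                $error_msg = 'Sorry,the login service is temporarily unavailable.';
            } else {
                mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_store_result($stmt);

                // If this is an existing user, set the cookies and go to the index page.
                if (mysqli_stmt_num_rows($stmt) == 1) {
                    mysqli_stmt_bind_result($stmt, $db_user_id, $db_username);
                    mysqli_stmt_fetch($stmt);
                    $db_user_id = (string) $db_user_id;
                    $db_username = (string) $db_username;

                    // Issue a fresh session id at the privilege change so an id
                    // fixed before login cannot be reused afterwards.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }

                    // setcookie() does not fill $_COOKIE during the current
                    // request, so the session must be populated from the database
                    // row, not from $_COOKIE (which was unset on first login).
                    // NOTE(review): these cookies are plain client-controlled
                    // values; pages that trust them instead of the session can be
                    // impersonated by editing the cookie - verify how they are used.
                    setcookie('user_id', $db_user_id, time() + (60 * 60 * 24 * 30));
                    $_SESSION['user_id'] = $db_user_id;
                    setcookie('username', $db_username, time() + (60 * 60 * 24 * 30));
                    $_SESSION['username'] = $db_username;

                    // NOTE(review): HTTP_HOST and PHP_SELF come from the request,
                    // so the redirect target is influenced by the client; prefer a
                    // configured base URL.
                    $home_url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/mismatch_index.php';
                    header('Location:'.$home_url);
                } else {
                    $error_msg = 'Sorry,you must enter a valid username and password to login in.';
                }
                mysqli_stmt_close($stmt);
            }
        } else {
            $error_msg = 'Sorry,you must enter your name and password to log in.';
        }
    }
}

if (empty($_SESSION['user_id'])) {
    echo '<p class="error">'.$error_msg.'</p>';
    // PHP_SELF and the submitted username are request-controlled and are printed
    // inside HTML attributes, so both are HTML-escaped.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<fieldset>
<legend>Log In</legend>
<label for="username">User name:</label>
<input type="text" name="username" id="username" value="<?php if (isset($username)) echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>" /><br>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</fieldset>
<input type="submit" name="submit" value="submit">
</form>
<?php
} else {
    // The session key written at login is 'username'; escape it for HTML output.
    $logged_in_as = isset($_SESSION['username']) ? $_SESSION['username'] : '';
    echo '<p>you are logged in as '.htmlspecialchars($logged_in_as, ENT_QUOTES, 'UTF-8').'</p>';
    $home_url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/mismatch_index.php';
    header('Location:'.$home_url);
}
require_once('comment/footer.php');
?>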