Gdy wpisuję poprawne hasło i login, nie przechodzi do pliku gra.php, a gdy błędne, nie wyświetla się komunikat o błędzie.
index.php:
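<?php
// index.php - login form. Shows the form to anonymous visitors and sends
// visitors who are already signed in straight to gra.php.
session_start();

// The login handler stores boolean true under 'zalogowany'; compare strictly
// so that no other truthy value is accepted as "signed in".
if (isset($_SESSION['zalogowany']) && $_SESSION['zalogowany'] === true) {
    header('Location: gra.php');
    exit();
}
?>
<!DOCTYPE html>
<html lang="pl">
<head>
<meta charset="utf-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
<title>Osadnicy</title>
</head>
<body>
<form action="zaloguj.php" method="post">
Login:<br/><input type="text" name="login"/><br/>
Hasło:<br/><input type="password" name="haslo"/><br/>
<input type="submit" value="Zaloguj się"/>
</form>
<?php
// Error message left in the session by the login handler. It is printed
// without escaping, which is only safe while the handler stores a fixed
// string there; request data must never be copied into this key.
// The message is removed after it has been shown so that it does not
// reappear on later visits to the form.
if (isset($_SESSION['blad'])) {
    echo $_SESSION['blad'];
    unset($_SESSION['blad']);
}
?>
</body>
</html>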
zaloguj.php:
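<?php
/*
 * zaloguj.php - processes the login form posted by index.php.
 *
 * On a match it marks the session as signed in, copies the user's row into
 * the session and redirects to gra.php. On a mismatch it stores an error
 * message in $_SESSION['blad'] and redirects back to index.php.
 */
session_start();

// The credentials arrive in the POST body. The previous guard tested
// $_SESSION['login'] and $_SESSION['haslo'], which nothing ever sets, so every
// request was redirected to index.php before the lookup ran: no login and no
// error message. is_string() rejects array-valued fields such as login[]=x.
if (!isset($_POST['login'], $_POST['haslo'])
    || !is_string($_POST['login'])
    || !is_string($_POST['haslo'])
) {
    header('Location: index.php');
    exit();
}

require_once "connect.php";

// Let mysqli throw on failure on every PHP version, so a failed connect or
// query is handled in one place instead of being hidden behind "@".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $polaczenie = new mysqli($host, $db_user, $db_password, $db_name);

    // NOTE(review): htmlentities() is an output-encoding helper, not input
    // validation. It is kept only so the values still match rows that were
    // presumably stored through the same transform - confirm against the
    // registration code, then drop it and encode on output instead.
    $login = htmlentities($_POST['login'], ENT_QUOTES, "UTF-8");
    $haslo = htmlentities($_POST['haslo'], ENT_QUOTES, "UTF-8");

    // Bound parameters keep the submitted values out of the SQL text.
    // NOTE(review): matching pass = ? in SQL means the column holds the
    // password itself (or an unsalted digest). Store password_hash() output
    // and check it with password_verify() once the schema can change.
    $zapytanie = $polaczenie->prepare("SELECT * FROM uzytkownicy WHERE user = ? AND pass = ?");
    $zapytanie->bind_param('ss', $login, $haslo);
    $zapytanie->execute();

    $rezultat = $zapytanie->get_result();
    $wiersz = $rezultat->fetch_assoc();

    $rezultat->free_result();
    $zapytanie->close();
    $polaczenie->close();
} catch (mysqli_sql_exception $e) {
    // Details go to the server log; the browser only sees the numeric code.
    error_log('zaloguj.php: ' . $e->getMessage());
    echo "Error:" . $e->getCode();
    exit();
}

if (is_array($wiersz)) {
    // New session id at the privilege change, so an id known before login
    // cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    $_SESSION['zalogowany'] = true;
    $_SESSION['id'] = $wiersz['id'];
    $_SESSION['user'] = $wiersz['user'];
    $_SESSION['drewno'] = $wiersz['drewno'];
    $_SESSION['kamien'] = $wiersz['kamien'];
    $_SESSION['zboze'] = $wiersz['zboze'];
    $_SESSION['email'] = $wiersz['email'];
    $_SESSION['dnipremium'] = $wiersz['dnipremium'];
    unset($_SESSION['blad']);

    header('Location: gra.php');
    exit();
}

// Same message for an unknown login and a wrong password, so the form does
// not reveal which account names exist.
$_SESSION['blad'] = '<span style="color:red">Nieprawidłowy login lub hasło!</span>';
header('Location: index.php');
exit();
?>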
gra.php:
<?php
// NOTE(review): this listing is line-for-line the same as the zaloguj.php
// listing, so as shown gra.php is a second copy of the login handler rather
// than a page of its own - confirm that the right file was pasted.
session_start();
// NOTE(review): none of the listings shown assigns $_SESSION['login'] or
// $_SESSION['haslo'], so this guard always redirects to index.php. The login
// code below sets $_SESSION['zalogowany'], and index.php sends signed-in
// visitors here based on that key, so a page reserved for signed-in users
// would presumably test $_SESSION['zalogowany'] instead - otherwise the two
// pages keep redirecting to each other once a login succeeds.
if((!isset($_SESSION['login']))||(!isset($_SESSION['haslo'])))
{
header('Location: index.php');
exit();
}
require_once"connect.php";
// "@" hides the connection warning; the error number is checked on the next line.
$polaczenie = @new mysqli($host,$db_user,$db_password,$db_name);
if($polaczenie->connect_errno!=0)
{
// Prints the numeric connection error code to the browser.
echo"Error:".$polaczenie->connect_errno;
}
else
{
// NOTE(review): this page is reached through a redirect, not through the form,
// so these POST fields are presumably absent here - confirm.
$login = $_POST['login'];
$haslo = $_POST['haslo'];
// htmlentities() encodes for HTML output; it does not make a value safe for SQL.
$login = htmlentities($login, ENT_QUOTES, "UTF-8");
$haslo = htmlentities($haslo, ENT_QUOTES, "UTF-8");
// $sql is built by direct interpolation but never used; the query that runs
// is the escaped sprintf() below.
$sql ="SELECT*FROM uzytkownicy WHERE user='$login' AND pass='$haslo'";
// Both values are escaped with mysqli_real_escape_string() before being placed
// in the query. A query failure is hidden by "@" and leaves a blank response.
// NOTE(review): comparing pass inside the query implies the column holds the
// password itself rather than a password_hash() value - confirm.
if($rezultat =@$polaczenie->query(
sprintf("SELECT*FROM uzytkownicy WHERE user='%s' AND pass='%s'",
mysqli_real_escape_string($polaczenie,$login),
mysqli_real_escape_string($polaczenie,$haslo))))
{
$ilu_userow = $rezultat->num_rows;
if($ilu_userow>0)
{
// Match found: mark the session as signed in and copy the row into it.
$_SESSION['zalogowany'] = true;
$wiersz= $rezultat->fetch_assoc();
$_SESSION['id'] = $wiersz['id'];
$_SESSION['user'] = $wiersz['user'];
$_SESSION['drewno'] = $wiersz['drewno'];
$_SESSION['kamien'] = $wiersz['kamien'];
$_SESSION['zboze'] = $wiersz['zboze'];
$_SESSION['email'] = $wiersz['email'];
$_SESSION['dnipremium'] = $wiersz['dnipremium'];
unset($_SESSION['blad']);
$rezultat->free_result();
// Redirects to this same file; there is no exit() after the header.
header('Location: gra.php');
}
else
{
// No match: leave a fixed error message for index.php to print.
$_SESSION['blad']= '<span style="color:red">Nieprawidłowy login lub hasło!</span>';
header('Location:index.php');
}
}
$polaczenie->close();
}
?>
connect.php
<?php
// Database connection settings used by the scripts that require this file.
// NOTE(review): the root account with an empty password is a local-development
// default. A deployed copy should use a dedicated account limited to the
// osadnicy database, with a password, and keep this file outside the web root.
$host        = 'localhost';
$db_user     = 'root';
$db_password = '';
$db_name     = 'osadnicy';
?>
logout.php:
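<?php
// logout.php - ends the current session and returns to the login form.
session_start();

// session_unset() alone only empties the variables: the session record and
// the browser's cookie stay valid. Clear the data, expire the cookie and
// destroy the server-side session so the old id cannot be used again.
$_SESSION = [];

if (ini_get('session.use_cookies')) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}

session_destroy();

header('Location: index.php');
exit();
?>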