下面的代码打破了我的页面...没有显示墙纸或表格。唯一显示的是徽标和登录表单。表格假设登录我,然后显示我的帐户名和一些数字。如何修复以下代码?
<?php
include 'wasudf.php';
//
// get session id
//
$SessionID = $_GET['SessionID'];
if (!$SessionID)
$SessionID = $_POST['SessionID'];
if (!$SessionID)
$SessionID = $_COOKIE['SessionID'];
if (!$Function)
$Function = $_GET['FunkShun'];
if (!$Function)
$Function = $_POST['FunkShun'];
if (!$Function)
$Function="Home";
if (!$SessionID)
{
echo' <form action="index.php" method="post" id="LoginForm" style="color:#FFF">';
echo' <input type="hidden" name="SessionID" value="new"></input>';
echo' Username:';
echo' <label>';
echo' <input type="text" name="AccountNo" value="" class="input" size="28"></input>';
echo' </label>';
echo' <BR /><BR />';
echo' Password:';
echo' <label>';
echo' <input type="password" name="Password" value="" class="input" size="30"></input>';
echo' </label>';
echo' <BR /><BR />';
echo' <input type="image" src="images/input-img.gif" value="Log On" class="input-img"></input>';
echo' <BR /><br />';
echo' <a href="#" class="link" style="font-size:12px;">Register now!</a> <a href="#" style="font-size:12px;">Forgotten your password?</a> ';
echo' </form>';
return;
}
//
// this is a new session - add to web session table
//
if ($SessionID == "new")
{
$AccountNo = check_input(strtoupper(trim($_POST['AccountNo'])));
$Password = check_input(strtoupper(trim($_POST['Password'])));
if (!$AccountNo)
ExitLogOn("Invalid Account/Password");
$rs=mysql_query("select * from accounts where code='$AccountNo' and password='$Password'",$db);
$row=mysql_fetch_array($rs);
if (!$row)
ExitLogOn("Invalid Account/Password!");
mysql_query("update system set nextsession = nextsession + 1",$db);
$rs=mysql_query("select * from system",$db);
$row=mysql_fetch_array($rs);
$SessionID = $row['nextsession'];
//
// ensure this session does not exist already
// also remove any sessions belonging to this account
// - ie account can only be logged on one workstation at any time
//
mysql_query("delete from websession where sessionid='$SessionID' or account='$AccountNo'",$db);
$Expiry=strtotime("+1 hour");
$xCommand = "insert into websession set ";
$xCommand = $xCommand . "sessionid='$SessionID',";
$xCommand = $xCommand . "ipaddress='" . $_SERVER['REMOTE_ADDR'] . "',";
$xCommand = $xCommand . "account='$AccountNo',";
$xCommand = $xCommand . "password='$Password',";
$xCommand = $xCommand . "date='" . date('YmdHis',$Expiry) . "'";
mysql_query($xCommand,$db);
}
$rs=mysql_query("select * from websession where sessionid='$SessionID'",$db);
$row=mysql_fetch_array($rs);
if (!$row)
{
mysql_query("delete from websession where sessionid='$SessionID'",$db);
mysql_query("delete from elist where code='$SessionID'",$db);
ExitLogOn("Session Expired");
}
if ($row['date'] < date('YmdHis'))
{
mysql_query("delete from websession where sessionid='$SessionID'",$db);
mysql_query("delete from elist where code='$SessionID'",$db);
ExitLogOn("Session Expired!!");
}
$Expiry=strtotime("+1 hour");
$xCommand = "update websession set ";
$xCommand = $xCommand . "date='" . date('YmdHis',$Expiry) . "'";
$xCommand = $xCommand . "where sessionid='$SessionID'";
mysql_query($xCommand,$db);
$AccountNo = $row['account'];
$Password = $row['password'];
$MiscData = $row['data'];
$rs=mysql_query("select * from accounts where code='$AccountNo' and password='$Password'",$db);
$row=mysql_fetch_array($rs);
if (!$row)
ExitLogOn("Invalid Account/Password!!");
$Name = trim($row['name']);
$Balance = $row['balance'];
if ($Function == "Home")
{
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="post">';
echo '<input type="hidden" name="SessionID" value="' . $SessionID . '"></input>';
echo '<table width=800 align=center>';
echo ' <tr>';
echo ' <td align=center colspan="4" style="color:#F93;">';
echo $Name;
echo ' </td>';
echo ' </tr>';
echo ' <tr>';
echo ' <td align=center colspan="4" style="color:#F93;">';
echo ' Current Balance $ ' . snumber($Balance,10);
echo ' </td>';
echo ' </tr>';
echo ' <tr>';
echo ' <td align=center colspan="4">';
echo '  ';
echo ' </td>';
echo ' </tr>';
echo '</table>';
echo '</form>';
}
?>
您在同一页面上同时使用GET和POST。
$SessionID = $_GET['SessionID'];
if (!$SessionID)
$SessionID = $_POST['SessionID'];
if (!$SessionID)
$SessionID = $_COOKIE['SessionID'];
if (!$Function)
$Function = $_GET['FunkShun'];
if (!$Function)
$Function = $_POST['FunkShun'];
$Function的所有重新分配是什么?