我正在尝试登录并在网站的同一页面内注册我在html中有此表单
<form name="form1" action="check_login.php" method="post">
<input type="email" id= "email" name="email" required="required" placeholder="Email Address" />
<input type="password" id= "password" name="password" required="required" placeholder="Password"/>
<span><input type="checkbox" class="checkbox">Keep me signed in</span>
<button name="login" type="submit" class="btn btn-default">Login</button>
</form>
和表格
<form name="form2" action="check_login.php" method="post">
<input type="text" id= "fname" name="fname" required="required" placeholder="First Name"/>
<input type="text" id= "mname" name="mname" required="required" placeholder="Middle Name"/>
<input type="text" id= "lname" name="lname" required="required"placeholder="Last Name"/>
<input type="email" id= "email" name="nemail"required="required" placeholder="Email "/>
<input type="password" id= "password" name="npassword"required="required" placeholder="Password"/>
<input type="password" id= "cpassword" name="cpassword"required="required"placeholder="Confirm Password"/>
<select name='gender' class='col-sm-4'>
<option value='male'>male</option>
<option value='female'>female</option>
</select>
<div class='col-sm-offset-8'>
<button name="sign_up" type="submit" class="btn btn-default">Sign up</button> </div>
</form>
他们在同一页面,并导航到我的网站内的其他页面然后我有这个代码在php
if (!empty($_POST['login']))
{
$email = $_POST['email'];
$password = $_POST['password'];
$sql_stmt="select email, password from users where email = '"
.$email."' and password ='".$password."'";
$result= mysqli_query($connection,$sql_stmt);
if ($result)
{
header ("location: index.php");
}
else {
header ("location: login.php");
}
}
if(!empty($_POST['sign_up']))
{
$fname=$_POST['fname'];
$mname=$_POST['mname'];
$lname=$_POST['lname'];
$gender=$_POST['gender'];
$nemail=$_POST['nemail'];
$npassword=$_POST['npassword'];
//if email is already stored ?
$signup="INSERT INTO `users`(`first_name`, `middle_name`, `last_name`,"
. " `gender`, `email`, `password`)"
. " VALUES ('".$fname."','".$mname."','".$lname."','".$gender.
"','".$nemail."','".$npassword."')";
$result1= mysqli_query($connection, $signup);
if ($result1)
{
header ("location: index.php");
}
else {
header ("location: login.php");
}
}
但导航到索引永远不会发生!
答案 0 :(得分:0)
首先,您需要在存储到数据库之前验证用户输入,并且还需要哈希密码,您可以阅读有关哈希here的更多信息并阅读常见问题解答here
还阅读有关准备好的陈述是否使用MySQLi或pdo阅读here:
<?php
if (isset($_POST['login'])) {
$email = userInput($_POST['email']);
$password = userInput($_POST['password']); // verify your password you can learn
$sql_stmt = $connection->prepare("SELECT email,password FROM users where email =? ");
$sql_stmt->bindValue(1, $email);
$sql_stmt->execute();
$results = $sql_stmt->fetchall(PDO::FETCH_ASSOC);
if (count($results > 0 && password_verify($password, $results['password']))) {
$_SESSION['username'] = $results['email'];
header("location:page"); //Login details are correct redirect to page after correct
} else { //email and password do not match
//Return your error message
}
}
if (isset($_POST['sign_up'])) {
$fname = userInput($_POST['fname']);
$mname = userInput($_POST['mname']);
$lname = userInput($_POST['lname']);
$gender = userInput($_POST['gender']);
$nemail = userInput($_POST['nemail']);
$npassword = userInput(password_hash($_POST['npassword'], PASSWORD_DEFAULT));
// check if email already stored/
$sql_stmt = $connection->prepare("SELECT email from users where email = ?");
$sql_stmt->bindValue(1, $nemail);
$sql_stmt->execute();
$results = $sql_stmt->fetchall(PDO::FETCH_ASSOC);
if (count($results) > 0) {
//Email exist print message
} else {
//email does not exist register the user
$sql_stmt = $connection->prepare("INSERT INTO users (first_name, middle_name, last_name,gender, email, password) value(?,?,?,?,?,?) ");
$sql_stmt->execute(array(
1 => $fname,
2 => $mname,
3 => $last_name,
4 => $gender,
5 => $nemail,
6 => $npassword
));
//Print succcess message;
header(); // redirect where u want
}
}
function userInput($data)
{
$data = trim($data);
$data = stripcslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>