对于登录屏幕,我做了一些小验证。 现在问题是我不知道如何带来验证错误msg
请参阅其他部分,其中提到了错误消息。
例如:当用户提供无效的用户名和密码时,错误消息为“无效的用户名和密码组合”
<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="icon" type="img/png" href="pic/logo3.png">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body id="loginform">
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "";
$conn = new mysqli($servername, $username, $password, $dbname);
if (isset($_POST['submit']))
{
$name = $_POST['name'];
$pass =$_POST['pass'];
$query = mysqli_query($conn,"SELECT * FROM admin_user WHERE name='$name' and pass='$pass'") or die(mysqli_error());
$row = mysqli_fetch_row($query);
if ($row)
{
if (isset($_POST['remember'])) {
setcookie('name', time()+60*60*7);
}
session_start();
$_SESSION['name'] = $name;
header('location:index.php');
}
else
{
echo '<div class="col-sm-12 text-align--center error">'.'Invalid Username and Password Combination'.'</div>';
}
}
?>
<div class="col-sm-6 align-center loginForm">
<img src="pic/logo.png">
<div class="box">
<form action="" method="post" name="login" class="boxContent">
<label>Username</label><br>
<input class="login-input" type="text" name="name" /><br>
<label>Password</label><br>
<input class="login-input" type="password" name="pass" /><br>
<input class="login-input m-bottom" name="submit" type="submit" value="Login"/>
<input class="bump-left" type="checkbox" name="remember"><label>Remember me</label><br>
</form><br>
<div class="forgot">
<a class="bump-left" href="">Forgot Your Password?</a>
</div>
</div>
</div>
<div class="col-sm-6 col-pad--none">
<div class="bgcontent"><img src="pic/services2.jpg"></div>
</div>
</body>
</html>
答案 0 :(得分:1)
请阅读周杰伦上面的评论,并将其考虑在内并应用所建议的内容,因为这对确保您的安全非常重要 应用
现在回到你的问题,你需要将错误信息存储在一个变量中,然后只是回显你希望信息显示的变量。
<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="icon" type="img/png" href="pic/logo3.png">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body id="loginform">
<?php
$loginError = "";
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "";
$conn = new mysqli($servername, $username, $password, $dbname);
if (isset($_POST['submit']))
{
$name = $_POST['name'];
$pass =$_POST['pass'];
$query = mysqli_query($conn,"SELECT * FROM admin_user WHERE name='$name' and pass='$pass'") or die(mysqli_error());
$row = mysqli_fetch_row($query);
if ($row)
{
if (isset($_POST['remember'])) {
setcookie('name', time()+60*60*7);
}
session_start();
$_SESSION['name'] = $name;
header('location:index.php');
}
else
{
$loginError = '<div class="col-sm-12 text-align--center error">Invalid Username and Password Combination</div>';
}
}
?>
<div class="col-sm-6 align-center loginForm">
<img src="pic/logo.png">
<div class="box">
<?php echo $loginError;?> <!-- error will display here -->
<form action="" method="post" name="login" class="boxContent">
<label>Username</label><br>
<input class="login-input" type="text" name="name" /><br>
<label>Password</label><br>
<input class="login-input" type="password" name="pass" /><br>
<input class="login-input m-bottom" name="submit" type="submit" value="Login"/>
<input class="bump-left" type="checkbox" name="remember"><label>Remember me</label><br>
</form><br>
<div class="forgot">
<a class="bump-left" href="">Forgot Your Password?</a>
</div>
</div>
</div>
<div class="col-sm-6 col-pad--none">
<div class="bgcontent"><img src="pic/services2.jpg"></div>
</div>
</body>
</html>
修改:
根据上述用户评论将所有内容放在一起:
Little Bobby表示您的脚本存在SQL Injection Attacks的风险。 了解MySQLi的预准备语句。甚至逃脱了字符串 不安全!或PDO,
要解决上述问题,你需要使用预处理语句,你有两个选择,1使用mysqli编写或使用PDO编写的语句,关于哪一个比互联网上可用的其他比较更好的论据,{{{ 3}}
老实说,我更喜欢PDO。
从不存储纯文本密码!请使用PHP的内置函数来处理密码安全性。如果您使用的是PHP版本 小于5.5,您可以使用
password_hash()兼容包。 确保您没有逃脱密码或使用任何其他清洁 哈希之前对它们的机制。这样做会更改密码和 导致不必要的额外编码。
因此,上述解决方案是使用password_hash()和password_verify();
那么当你从注册页面插入数据库时,你需要做什么,你需要有一个哈希
$hash = password_hash($_POST['password'],PASSWORD_DEFAULT); Then you will need to store the hashed password in the database which is `$hash()`
这是您使用PDO和password_verify()
<?php
session_start();
/*PDO Connection*/
$host = 'localhost';
$db = 'YOURDATABASE';
$user = 'root';
$pass = 'YOURPASSWORD';
$charset = 'utf8';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$dbh = new PDO($dsn, $user, $pass, $opt);
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$pass = $_POST['pass'];
$LoginMessage = "";
$stmt = $pdo->prepare("SELECT * FROM admin_user WHERE name = ?");
$stmt->execute([$name]);
$results = $stmt->fetch();
if ($results && password_verify($_POST['pass'], $results['pass'])) {
$_SESSION['name'] = $name;
header('location:index.php');
} else {
$loginError = "<div class=\"col-sm-12 text-align--center error\">Invalid Username and Password Combination</div>";
}
}
?>
<div class="col-sm-6 align-center loginForm">
<img src="pic/logo.png">
<div class="box">
<?php echo $loginError;?> <!-- error will display here -->
<form action="" method="post" name="login" class="boxContent">
<label>Username</label><br>
<input class="login-input" type="text" name="name" /><br>
<label>Password</label><br>
<input class="login-input" type="password" name="pass" /><br>
<input class="login-input m-bottom" name="submit" type="submit" value="Login"/>
<input class="bump-left" type="checkbox" name="remember"><label>Remember me</label><br>
</form><br>
<div class="forgot">
<a class="bump-left" href="">Forgot Your Password?</a>
</div>
</div>
</div>
<div class="col-sm-6 col-pad--none">
<div class="bgcontent"><img src="pic/services2.jpg"></div>
</div>
</body>
</html>
答案 1 :(得分:0)
/ *请尝试下面的工作示例代码,我也添加了一些安全补丁* /
$servername = "localhost";
$username = "root";
$password = "";
$dbname = ""; /* database name */
$errorMessage = "";
$conn = new mysqli($servername, $username, $password, $dbname);
if(isset($_POST['submit'])){
$name = isset($_POST['name']) ? mysqli_real_escape_string($conn, trim($_POST['name'])) : ""; /* Escapes special characters in a string */
$pass = isset($_POST['pass']) ? mysqli_real_escape_string($conn, trim($_POST['pass'])) : ""; /* Escapes special characters in a string */
if($name != "" AND $pass != ""){ /* check name and pass for not empty */
$query = mysqli_query($conn,"SELECT * FROM admin_user WHERE name='$name' and pass='$pass'") or die(mysqli_error());
$row = mysqli_fetch_row($query);
if ($row){
if (isset($_POST['remember'])) {
setcookie('name', time()+60*60*7);
}
session_start();
$_SESSION['name'] = $name;
header('location:index.php?sdfsdf');
}else{
$errorMessage = '<div class="col-sm-12 text-align--center error">Invalid Username and Password Combination</div>';
}
}else{
$errorMessage = '<div class="col-sm-12 text-align--center error">Invalid Username and Password Combination</div>';
}
}
echo $errorMessage; /* place it anywhere you want */
答案 2 :(得分:0)
首先,您应该将消息传递给变量,而不是echo,例如:
$tempMessage = "Invalid Username and Password Combination";
然后是你的HTML
<?php if (isset($tempMessage)) : ?>
<div class="yourClass">
<?=$tempMessage?>
</div>
<?php endif ?>
或者您可以将其存储在Session变量中,以便计算错误的登录尝试等等。