我有以下名为admin的控制器
class Admin extends CI_Controller {
public function __construct() {
parent::__construct();
$this->load->model('admin_model');
}
public function index()
{
$this->load->library('session');
$this->load->database();
if (!$this->session->userdata('user_id') || !$this->session->userdata('user_name'))
{
header("Location: /admin/login");
}
else
{
$user_id = $this->session->userdata('user_id');
$user_name = $this->session->userdata('user_name');
if (!$this->admin_model->verify($user_id, $user_name))
header("Location: /admin/login");
}
$this->load->view('templates/header');
$this->load->view('admin/index');
$this->load->view('templates/footer');
}
public function login()
{
$this->load->view('templates/header');
$this->load->helper('form');
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() == FALSE)
{
$data['run'] = false;
}
else if (!$this->admin_model->loginverify($this->input->post('username'),
$this->input->post('password')))
{
$data['run'] = false;
}
else
{
$data['run'] = true;
}
$this->load->view('admin/login', $data);
$this->load->view('templates/footer');
}
}
我有以下模型叫做Admin_model
class Admin_model extends CI_Model
{
public function __construct() {
parent::__construct();
$this->load->database();
}
public function verify($id, $name)
{
if (!is_numeric($id))
return false;
else
{
$query = $this->db->get_where('users', array('id'=>$id, 'username'=>$name), 1);
if ($query->result()->num_rows() === 0)
return false;
else
return true;
}
}
public function loginverify($name, $pass)
{
$pass = md5($pass);
//$query = $this->db->get_where('users', array('username'=>$name, 'passwd'=>$pass), 1);
$query = $this->db->query("SELECT * FROM users WHERE username='$name' AND passwd='$pass' LIMIT 1");
if ($query->result()->num_rows() === 0)
return false;
else
return true;
}
}
我的表格如下:
<?php if (!$run)
{
?>
<form method="post" action="/admin/login">
<h5>Username</h5>
<input type="text" id="username" name="username" value="" size="50" />
<h5>Password</h5>
<input type="password" id="password" name="password" value="" size="50" />
<div><input type="submit" id="submit" name ="submit" value="Login" /></div>
</form>
<?php
}else{
echo "successfully login";
}
?>
我提交时有一个空白页面,当我在Chrome中检查网络时,我发现该帖子导致500内部服务器错误。
当我将直接查询更改为get_where时,如上面的注释行所示,我的严重性为8192,错误消息为mysql_escape_string(): This function is deprecated; use mysql_real_escape_string() instead.
我在这里使用手动表单,但我的CSRF设置为false。我已尝试使用form_open('admin/login'),但后来又变得localhost/?admin/login,并额外加?。
我在这里遇到了所有这些问题,我只是不知道该怎么做。我感谢任何帮助。
答案 0 :(得分:0)
你的表单可能没有指向正确的网址,所以我建议你改变这个:
<form action="/admin/login">
到
<form action="<?php echo site_url('admin/login'); ?>">
然后尝试替换所有headers() methods:
header("Location: /admin/login");
与
redirect(site_url('admin/login'),'',302);
因为从未使用header();与Codeigniter