我有一个表单,在提交时有两个值,user和pass。
$_POST['submit'] = the name of the submit button is "submit"
当用户提交时,我在php中有以下脚本来验证:
$logins = array(
'user1' => 'pass1',
'user2' => 'pass2',
'user3' => 'pass3'
);
foreach($_POST as $key => $value) {
$_POST[$key] = stripslashes($_POST[$key]);
$_POST[$key] = htmlspecialchars(strip_tags($_POST[$key]));
}
/******************************************************************************/
if (isset($_POST['submit'])){
$user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';
$report = $_POST['typereport'];
if ($logins[$user] != $pass) {
showForm("Wrong Username/Password");
exit();
}
else {
if ($report == "Clinical") {
$file = $filename;
$contents = file($file);
$string = implode("<br>", $contents);
echo "<head><title>ScoreViewer: Clinical</title></head>";
echo "Logged in as: " . strtoupper($user) . "<br>";
echo "<a href='log2.php'>Sign Out</a>";
echo "<br><br>";
echo "<pre>" . $string . "</pre>";
echo "<br><br>";
}
elseif ($report == "Non-Clinical") {
$file = $filename2;
$contents = file($file);
$string = implode("<br>", $contents);
echo "<head><title>ScoreViewer: Non-Clinical</title></head>";
echo "Logged in as: " . strtoupper($user) . "<br>";
echo "<a href='log2.php'>Sign Out</a>";
echo "<br><br>";
echo "<pre>" . $string . "</pre>";
echo "<br><br>";
}
}
} else {
showForm();
exit();
}
现在将会发生的是,该脚本将比较输入的用户名和密码以查找匹配项。如果找到匹配项并根据报告的类型,将显示该匹配项。但出于某种原因,无论何时按下提交按钮,它都会直接进入IF语句的临床部分。
如果我只使用一个没有数组的用户名/密码,它可以正常工作。如下所示:
$username = "user";
$password = "pass";
foreach($_POST as $key => $value) {
$_POST[$key] = stripslashes($_POST[$key]);
$_POST[$key] = htmlspecialchars(strip_tags($_POST[$key]));
}
/******************************************************************************/
if (isset($_POST['submit'])){
$user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';
$report = $_POST['typereport'];
if ($user != $username && $pass != $password) { #$logins[$user] != $pass) {
showForm("Wrong Username/Password");
exit();
}
else {
// decide what to do here if the user and pass is correct, deleted to save space
}
} else {
showForm();
exit();
}
我如何实现我想要完成的目标?
完整的HTML代码:Pastbin
答案 0 :(得分:2)
if ($logins[$user] != $pass) {// there lies error one...
$ user可能不是$ logins数组中的键,请先使用 array_key_exists 进行检查。
然后代码显示滥用“其他”...
showForm("Wrong Username/Password");
exit(); // That condition exits
}
else { // So you do not need this else and the block.
重写它:
$logins = array(
'user1' => 'pass1',
'user2' => 'pass2',
'user3' => 'pass3'
);
foreach($_POST as $key => $value) {
$_POST[$key] = stripslashes($_POST[$key]);
$_POST[$key] = htmlspecialchars(strip_tags($_POST[$key]));
}
/******************************************************************************/
if (isset($_POST['submit'])){
$user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';
$report = $_POST['typereport'];
if ((!array_key_exists($user, $logins))||($logins[$user] != $pass)) {
showForm("Wrong Username/Password");
exit();
}
if($report == "Clinical") {
$file = $filename;
$contents = file($file);
$string = implode("<br>", $contents);
echo "<head><title>ScoreViewer: Clinical</title></head>";
echo "Logged in as: " . strtoupper($user) . "<br>";
echo "<a href='log2.php'>Sign Out</a>";
echo "<br><br>";
echo "<pre>" . $string . "</pre>";
echo "<br><br>";
}
// No need if you only have only clinic and non clinic reports...
// elseif ($report == "Non-Clinical") {
else { // now non clinic
$file = $filename2;
$contents = file($file);
$string = implode("<br>", $contents);
echo "<head><title>ScoreViewer: Non-Clinical</title></head>";
echo "Logged in as: " . strtoupper($user) . "<br>";
echo "<a href='log2.php'>Sign Out</a>";
echo "<br><br>";
echo "<pre>" . $string . "</pre>";
echo "<br><br>";
} // this block ends non clinic - clinic choices...
} // this ends the if (isset($_POST['submit']))
else { // and this does if !isset($_POST['submit'])
showForm();
exit();
}
希望这有帮助