验证用户登录php

时间:2013-06-03 17:08:26

标签: php validation login

快速提问...我的登录页面现在正常运行,以便当用户输入正确的信息时,会将其重定向到会话中的主页。当他们输入错误的信息时,它会将它们重定向回登录页面。

我想要做的是,当他们输入错误信息时,我希望它仍然将它们重定向到登录页面,但我希望它说无效登录,请再试一次。我试图回应它,但它只刷新页面没有回声..

登录页面

<?php include '../../view/header.php'; ?>
<div id="main">
<?php

// Inialize session
session_start();

// Check, if user is already login, then jump to secured page
if (isset($_SESSION['username'])) {
header('Location: ../../admin');
}

?>

<html>

<head>
<title>Login</title>
</head>

<body>

<h3>Admin Login</h3>

<table>
<form method="POST" action="loginproc.php">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" value="Login"></td></tr>
</form>
</table>

</body>

</html>
</div>
<?php include '../../view/footer.php'; ?>

loginproc.php

<?php

// Inialize session
session_start();

// Include database connection settings
require_once('database.php');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string($_POST['password']) . "')");




// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: ../../admin');
}
else {
// Jump to login page

header('Location: index.php');

}

?>

2 个答案:

答案 0 :(得分:1)

在重定向之前,您不应使用任何输出。它可能有效,但它也可以在没有重定向的情况下打印出错误。

至于重定向和输出。您可以将一些信息存储到SESSION,根据SESSION重定向然后打印出错误。如果您的错误报告只是简单的事情,您可以使用GET并通过重定向页面在参数中传递它。

答案 1 :(得分:0)

<?php include '../../view/header.php'; ?>
<div id="main">
<?php

// Inialize session
session_start();

// Check, if user is already login, then jump to secured page
if (isset($_SESSION['username'])) {
header('Location: ../../admin');
}
else if (isset($_GET['loginfail']) {
    echo "Please try again later";
}
?>

<html>

<head>
<title>Login</title>
</head>

<body>

<h3>Admin Login</h3>

<table>
<form method="POST" action="loginproc.php">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" value="Login"></td></tr>
</form>
</table>

</body>

loginproc.php

<?php

// Inialize session
session_start();

// Include database connection settings
require_once('database.php');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string($_POST['password']) . "')");




// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: ../../admin');
}
else {
// Jump to login page

header('Location: index.php?loginfail=1');

}

?>