我有一个愚蠢的问题,我无法弄清楚。当我刷新我的登录页面时,密码和用户名出现在输入字段中。这是我的代码:
<?php include_once "includes/scripts.php"; ?>
<?php
session_start();
include_once ("includes/connect.php");
if (isset($_SESSION['logged_in'])) {
header('location: admin_cms.php');
}else{
if (isset($_POST['username'], $_POST['password'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
if (empty($username) or empty($password)){
$error = '<p>NOTE: Fields are blank</p>';
}else{
$query = $pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password =?");
$query->bindValue(1, $username);
$query->bindValue(2, $password);
$query->execute();
$num = $query->rowCount();
if ($num == 1){
$_SESSION['logged_in'] = true;
header('location: admin_cms.php');
exit();
}else{
$error = "<p>NOTE: The username or password is incorrect</p>";
}
}
}
?>
<div id="login_container">
<br><img src="images/camelhorst_logo_full.png" style="margin-top:38px;">
<h1>LOGIN<img src="images/three_column_grid_line.png" alt="line"></h1>
<form acton = "admin.php" method="post" autocompleate="off">
<label>Username:</label>
<input type="text" name="username" placeholder="Your Username" required>
<label>Password:</label>
<input type="password" name="password" placeholder="Your Password" required>
<input type="submit" value="Login" name="submit_login">
</form>
<?php if (isset($error))
{echo $error;}?>
<p id="copyright_admin"> © CAMELHORSE CREATIVE STUDIO 2013 </p>
</div><!--login_container-->
<?php } ?>
</body>
</html>
请有人帮我解决这个问题吗?如果有人发现可能存在安全问题的问题,请纠正我吗?
答案 0 :(得分:8)
autocomplete="off"
例如
<input type="password" name="password" placeholder="Your Password" required autocomplete="off">
Place Holder也可以填充它,以便你可以删除
<input type="password" name="password" required autocomplete="off">
您也可以将autocomplete="off"
放在表单标记
答案 1 :(得分:2)
默认情况下,autocomplete属性设置为“on”。将其关闭将阻止浏览器显示可能已存储的其他值。我很确定autocomplete属性在表单标签内不起作用。在要编辑的输入标记内,放入
autocomplete="off"
更多信息here