我正在为一家小型企业开发PHP Web应用程序,现在我正在尝试将登录系统整合到该应用程序中。我有我的login.php页面收集UN / PW并通过$ _POST存储它,我将我的UN / PW存储在带有MD5哈希的MySQL表中。当我从login.php单击登录按钮时,它会调用include / login.inc.php并处理登录。但是,我只在调用login.inc.php时看到一个空白页面。我不确定我的问题在哪里。
的login.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-type" content="text/html;charset=utf-8" />
<title>Login Page</title>
<link rel="stylesheet" type="text/css" href="css/login.css" />
</head>
<body>
<form id="login-form" method="post" action="includes/login.inc.php">
<fieldset>
<legend>Login to Inventory System</legend>
<p>Please enter your username and password to access the Inventory system</p>
<label for="username">
<input type="text" name="username" id="username" />Username:
</label>
<label for="password">
<input type="password" name="password" id="password" />Password:
</label>
<label>
<input type="submit" name="submit" id="submit" value="Login" />
</label>
</fieldset>
</form>
</body>
</html>
login.inc.php:
<?php
// Include required MySQL configuration file and functions
require_once('config.inc.php');
require_once('functions.inc.php');
// Start session
session_start();
// Check if user is already logged in
if ($_SESSION['logged_in'] == true) {
// If user is already logged in, redirect to main page
redirect('../index.php');
} else {
// Make sure that user submitted a username/password and username only consists of alphanumeric chars
if ( (!isset($_POST['username'])) || (!isset($_POST['password'])) OR
(!ctype_alnum($_POST['username'])) ) {
redirect('../login.php');
}
// Connect to database
$mysqli = @new mysqli('localhost', 'username', 'password', 'db_name');
// Check connection
if (mysqli_connect_errno()) {
printf("Unable to connect to database: %s", mysqli_connect_error());
exit();
}
// Escape any unsafe characters before querying database
$username = $mysqli->real_escape_string($_POST['username']);
$password = $mysqli->real_escape_string($_POST['password']);
// Construct SQL statement for query & execute
$sql = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . md5($password) . "'";
$result = $mysqli->query($sql);
// If one row is returned, username and password are valid
if (is_object)($result) && $result->num_rows == 1) {
// Set session variable for login status to true
$_SESSION['logged_in'] = true;
redirect('../index.php');
} else {
// If number of rows returned is not one, redirect back to login screen
redirect('../login.php');
}
}
?>
有人看到我的问题吗?
谢谢!
答案 0 :(得分:1)
如果您有空白屏幕,则很可能会遇到致命错误。检查错误日志以获取详细信息。或者将它放在脚本的顶部。
error_reporting(E_ALL);
ini_set('display_errors', '1');
我找到了你的一个问题。
// This is a syntax error
if (is_object)($result) && $result->num_rows == 1) {
// Correct
if (is_object($result) && $result->num_rows == 1) {