PHP login form refreshes the page instead of redirecting

Time: 2014-03-15 09:52:35

Tags: php forms login

I am trying to create a login form on my PHP website, and I have the following code:

<?php
session_start();
require("includes/connect.php");
?>


            <div class="container">
                <form class="form-signin" role="form" action="login.php" method="post">
                    <h2 class="form-signin-heading">Please sign in</h2>
                    <input type="text" class="form-control" placeholder="Username" name="username_login" required autofocus>
                    <input class="form-control" type="password"  placeholder="Password" name="user_password" required>
                    <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                    <label class="forgotten"><a href="forgottenpass.php">Forgotten password?</a></label>
                </form>

    <?php

    //if an admin or user session is already in progress then don't let them log in, redirect to 'index.php'
    if (isset($_SESSION['admin']) && ($_SESSION['admin'] == true) || isset($_SESSION['user']) && ($_SESSION['user'] == true)) {
        header ("Location: index.php");     
        //if user not logged in then
    }else{
        //if username and password are entered, blank before user fills form
        $usr = (isset($_POST['username_login'])? $_POST['username_login']:null);
        $pwd = (isset($_POST['user_password'])? $_POST['user_password']:null);

        $usr = mysqli_escape_string($conn, $usr); //Prevent against SQL Injection by avoiding "\" being executed
        $pwd = mysqli_escape_string($conn, $pwd); //Prevent against SQL Injection by avoiding "\" being executed

        if ($usr && $pwd){  
            $epwd = $pwd;
            $q = "SELECT * FROM users WHERE UName='$usr' LIMIT 1;";
            $resultset = mysqli_query($conn,$q);
            $rowcount = mysqli_num_rows($resultset);

            if ($rowcount==1){ 
                while ($userRow = mysqli_fetch_assoc($resultset)){
                    //Get the DB username and password to compare
                    $dataBaseEmail = $userRow['UName'];
                    $dataBasePass = $userRow['Password'];   
                    $userGroup = $userRow['UserLevelID'];
                }

            mysqli_free_result($resultset);
            unset($q);

            //Compare DB user and pass to those entered
            if ($usr == $dataBaseEmail && $epwd == $dataBasePass){
                //Now that we know they are activated etc., we can create a session based on their privileges
                if ($userGroup ==1){ //ADMIN load the console 
                    header("Location: index.php");
                    $_SESSION['admin'] = true;
                }else{ //Normal User
                    header ("Location: logout.php");
                    $_SESSION['user'] = true;
                    $_SESSION['user'] = $dataBaseEmail;
                    }  
                }else{//user and pass do not match DB
                    echo '<div class="login-error">Incorrect Password, try again</div>';     
                }
            }else{
                echo '<div class="login-error">Error: There is no such user registered on the system. Please check the username and password entered.</div>';
            }
        }
    }
    ?>
            </div> <!-- /container -->

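I'm sure I had this working before, but now when you enter your username and password it just refreshes the form without any error message or anything, and I can't understand why?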

4 answers:

Answer 0: (score: 1)

header statements must be used before any HTML code. Source: http://pl1.php.net/manual/en/function.header.php

Answer 1: (score: 0)

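Check your code again: your query keeps breaking after the admin session check, because you have not added a check for whether the form has been posted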

at this line

if (isset($_SESSION['admin']) && ($_SESSION['admin'] == true) || isset($_SESSION['user']) && ($_SESSION['user'] == true)) {
    header ("Location: index.php");     
    //if user not logged in then
}else{

Add another if statement after the else

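if (isset($_SESSION['admin']) && ($_SESSION['admin'] == true) || isset($_SESSION['user']) && ($_SESSION['user'] == true)) {
    header ("Location: index.php");     
    //if user not logged in then
 }else
    // isset() first, so a plain GET of the page does not raise undefined-index notices
    if ( isset($_POST['username_login'], $_POST['user_password']) AND trim($_POST['username_login']) AND trim($_POST['user_password']))
    {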

Answer 2: (score: 0)

You have to move the LOGIN code to before the HTML tags, because header() does not work after any output has been sent to the client browser

<?php
session_start ();
require ("includes/connect.php");
            //Check for FORM POST 
            if (isset ( $_POST ['username_login'] ) && isset ( $_POST ['user_password'] )) {

                // if an admin or user session is already in progress then don't let them log in, redirect to 'index.php'
                if (isset ( $_SESSION ['admin'] ) && ($_SESSION ['admin'] == true) || isset ( $_SESSION ['user'] ) && ($_SESSION ['user'] == true)) {
                    header ( "Location: index.php" );
                    exit (); // stop here so the form below is not rendered after the redirect
                    // if user not logged in then
                } else {
                    // if username and password are entered, blank before user fills form
                    $usr = (isset ( $_POST ['username_login'] ) ? $_POST ['username_login'] : null);
                    $pwd = (isset ( $_POST ['user_password'] ) ? $_POST ['user_password'] : null);

                    $usr = mysqli_escape_string ( $conn, $usr ); // Prevent against SQL Injection by avoiding "\" being executed
                    $pwd = mysqli_escape_string ( $conn, $pwd ); // Prevent against SQL Injection by avoiding "\" being executed

                    if ($usr && $pwd) {
                        $epwd = $pwd;
                        $q = "SELECT * FROM users WHERE UName='$usr' LIMIT 1;";
                        $resultset = mysqli_query ( $conn, $q );
                        $rowcount = mysqli_num_rows ( $resultset );

                        if ($rowcount == 1) {
                            while ( $userRow = mysqli_fetch_assoc ( $resultset ) ) {
                                // Get the DB username and password to compare
                                $dataBaseEmail = $userRow ['UName'];
                                $dataBasePass = $userRow ['Password'];
                                $userGroup = $userRow ['UserLevelID'];
                            }

                            mysqli_free_result ( $resultset );
                            unset ( $q );

                            // Compare DB user and pass to those entered
                            if ($usr == $dataBaseEmail && $epwd == $dataBasePass) {
                                // Now that we know they are activated etc., we can create a session based on their privileges
                                if ($userGroup == 1) { // ADMIN load the console
                                    $_SESSION ['admin'] = true;
                                    header ( "Location: index.php" );
                                    exit (); // end the script once the redirect header is queued
                                } else { // Normal User
                                    $_SESSION ['user'] = true;
                                    $_SESSION ['user'] = $dataBaseEmail;
                                    header ( "Location: logout.php" );
                                    exit (); // end the script once the redirect header is queued
                                }
                            } else { // user and pass do not match DB
                                echo '<div class="login-error">Incorrect Password, try again</div>';
                            }
                        } else {
                            echo '<div class="login-error">Error: There is no such user registered on the system. Please check the username and password entered.</div>';
                        }
                    }
                }
            }
            ?>
<!-- container -->
<div class="container">
<form class="form-signin" role="form" action="login.php" method="post">
    <h2 class="form-signin-heading">Please sign in</h2>
    <input type="text" class="form-control" placeholder="Username"
        name="username_login" required autofocus> 
        <input class="form-control" type="password" placeholder="Password" name="user_password" required>
        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
    <label class="forgotten">
            <a href="forgottenpass.php">Forgotten password?</a></label>
</form>
</div>
<!-- /container -->
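
The ordering the answers describe (all login processing and `header()` calls before any HTML), shown as an added example that is not part of any answer in this thread. It also replaces the escaped string query and plaintext comparison with a prepared statement and `password_verify()`. Assumptions: `users.Password` stores `password_hash()` output, `includes/connect.php` provides a mysqli handle in `$conn`, and both roles are redirected to `index.php`.

```php
<?php
// Added example, not code from the thread. Assumes users.Password holds
// password_hash() output and that connect.php provides $conn (mysqli).
session_start();
require "includes/connect.php";

// Fetch the row with a bound parameter, then verify the password hash.
function find_user(mysqli $conn, string $usr, string $pwd): ?array
{
    $stmt = mysqli_prepare($conn, "SELECT UName, Password, UserLevelID FROM users WHERE UName = ? LIMIT 1");
    if ($stmt === false) { return null; }
    mysqli_stmt_bind_param($stmt, "s", $usr);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name, $hash, $level);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($found !== true || !password_verify($pwd, (string) $hash)) {
        return null; // same result for unknown user and wrong password
    }
    return ['name' => $name, 'level' => (int) $level];
}

$error = '';
if (!empty($_SESSION['admin']) || !empty($_SESSION['user'])) {
    header("Location: index.php");
    exit; // nothing has been output yet, so the redirect header is sent
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $usr = $_POST['username_login'] ?? '';
    $pwd = $_POST['user_password'] ?? '';
    $user = (is_string($usr) && is_string($pwd)) ? find_user($conn, $usr, $pwd) : null;
    if ($user !== null) {
        session_regenerate_id(true); // issue a fresh session id at login
        if ($user['level'] === 1) {
            $_SESSION['admin'] = true;
        } else {
            $_SESSION['user'] = $user['name'];
        }
        header("Location: index.php");
        exit;
    }
    $error = 'Incorrect username or password, try again';
}
?>
<div class="container">
    <?php if ($error !== ''): ?>
        <div class="login-error"><?= htmlspecialchars($error) ?></div>
    <?php endif; ?>
    <!-- the sign-in form from the question goes here -->
</div>
```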

Answer 3: (score: 0)

" .mysql_errno();
        }
    }
    else
    {
        echo mysql_error()."
" .mysql_errno();
    }
    // echo $userName." - ".$password;
?>
<form class="form-signin" role="form" action="login.php" method="post">
                <h2 class="form-signin-heading">Please sign in</h2>
                <input type="text" class="form-control"  placeholder = "Username" name="username_login" >
                <input class="form-control" type="password" placeholder = "password"  name="user_password" >
                <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                <label class="forgotten"><a href="../forgottenpass.php">Forgotten password?</a></label>
   </form>