当用户尝试登录系统时出现此问题:
调试后我发现,当用户输入正确的用户名和密码(经过少量组合测试)后,if($_POST['form']
和值$_POST['form'] == "login")
将返回false,导致系统刷新并保留在登录页面。它会回应“asd”
case 'login':
if ($LOGIN_SESSION) {
header("Location:index.php?cmd=home");
}
include('inc/header_tpl.php');
if (isset($_POST['form']) && $_POST['form'] == "login") {
if (!isset($_POST['username']) || !isset($_POST['password']) || $_POST['password'] == "" || $_POST['username'] == "") {
$error_warning = 1;
} else {
$username = $_POST['username'];
$password = $_POST['password'];
$isLegal = VAccess::IsLegalUser($username, $password);
if ($isLegal) {
$_SESSION['role'] = VAccess::getRole($username);
$_SESSION['logged'] = true;
$_SESSION['username'] = $username;
if ($_SESSION['role'] == "Administrator") {
$_SESSION['admin_username'] = $username;
} else if ($_SESSION['role'] == "Guest") {
$_SESSION['guest_username'] = $username;
}
$error_warning = 0;
header("Location:index.php?cmd=home");
} else {
$error_warning = 1;
}
}
}else{
echo "asd";
}
include('view/login.php');
include('inc/footer_tpl.php');
break;
以下是我的登录表单:
<form action="" method="post" id="login_form">
<input type="hidden" name="form" value="login"/>
<table style="width: 100%;">
<tbody><tr>
<td style="text-align: center;" rowspan="4"><img src="img/login.png" alt="Please enter your login details."></td>
</tr>
<tr>
<td>Username:<br>
<input type="text" name="username" value="" style="margin-top: 4px;">
<br>
<br>
Password:
<br>
<input type="password" name="password" value="" style="margin-top: 4px;">
<br>
<!-- <a href="index.php?cmd=forgotten">Forgotten Password</a> -->
</td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td style="text-align: right;"><a onclick="$('#login_form').submit();" class="button">Login</a></td>
</tr>
</tbody>
</table>
</form>
public static function IsLegalUser($username, $password) {
$sql = "SELECT * FROM user WHERE USERNAME = '$username' and PASSWORD = '$password'";
$query = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($query) > 0) {
return true;
} else {
return false;
}
}
我的代码基本上工作正常,但今天我的客户告诉我他无法登录系统。我测试了我的localhost上的代码,它运行良好。但问题是为什么当输入正确的组合时系统会转到其他地方并回显“asd”,实际上我还没有检查数据库中的登录信息。
答案 0 :(得分:1)
您正在发送新标头但未停止PHP执行尝试
header("Location:index.php?cmd=home");
exit();