我想在我的代码中添加验证脚本。这是我的登录代码和checklogin代码。我想在其中添加一个验证脚本,我应该在哪个部分/代码中添加验证脚本?
这是我的login.php
<html><head>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="signin.css" rel="stylesheet">
</head>
<body>
<div class="container" id="contain">
<form class="form-signin" role="form" action="checklogin.php" method="post">
<h2 class="form-signin-heading">Login</h2></br></br>
<div class="form-group">
<label for="">Email<span class="error">*</span></label>
<input type="text" class="form-control input-lg" name="email" placeholder="Email address" autofocus="" value=""/>
</div>
<div class="form-group">
<label for="">Password<span class="error">*</span></label>
<input type="password" class="form-control input-lg" name="password" placeholder="Password" value=""/>
</div>
<p style="text-align:right;"><a href="forgotpwd.php" style="text-decoration:none;">Forgot password?</a></p>
<label class="checkbox">
<input type="checkbox" value="remember-me"> Remember me
</label>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</div>
</body>
</html>
这是我的checklogin.php,用于在用户存在时检查数据库。
<?php
session_start();
require('connection.php');
$email = $_POST['email'];
$password = $_POST['password'];
$email = stripslashes($email);
$password = stripslashes($password);
$sql = "select * from user_info where email = '$email' and pwd = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );
$count = 0;
while ($line = mysql_fetch_assoc($result)) {
$count++;
}
if ($count == 1) {
$_SESSION['loggedIn'] = "true";
header("Location: loginSuccess.php");
} else {
$_SESSION['loggedIn'] = "false";
header("Location: loginFailed.php");
}
?>
我应该如何以及在何处放置验证脚本?非常感谢!
答案 0 :(得分:0)
您可以在部分中添加您的javascript验证。
js的一个用途是,它被用作客户端验证脚本。
在提交表单之前,尝试调用一些javascript函数来验证用户名和密码是否为空。这样可以减轻服务器处理不需要的请求的负担。
这里是js教程的a link。
答案 1 :(得分:0)
请试试这个:
在您的HTML文件中,执行以下更改:
<head>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="signin.css" rel="stylesheet">
<script src="signin.js"></script>
</head>
----
<button class="btn btn-lg btn-primary btn-block" type="submit" id="btn_signin">Sign in</button>
在你的javascript文件中:
// bind click event of btn_signin for setting the account
$('#btn_signin').click(function(){
// do the validation and if success, then submit the form, otherwise return false
});
答案 2 :(得分:0)
你的问题很模糊,但通常流程是这样的:
在代码中,这看起来像这样:
登录login.php
<?php
session_start(); // pull this out of the checklogin.php file
if ($_POST['email']){
// assumed user is trying to login
// so validate data
include 'checklogin.php';
}
?>
<html><head>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="signin.css" rel="stylesheet">
</head>
<body>
<div class="container" id="contain">
<form class="form-signin" role="form" action="login.php" method="post">
<h2 class="form-signin-heading">Login</h2></br></br>
<?php if (isset($errors['login']){ echo $errors['login']; } ?>
<div class="form-group">
<?php if (isset($errors['email']){ echo $errors['email']; } ?>
<label for="">Email<span class="error">*</span></label>
<input type="text" class="form-control input-lg" name="email" placeholder="Email address" autofocus="" value="<?php echo $_POST['email']; ?>"/>
</div>
... removed for the sake of clarity ...
// note that the form submits to itself and php vars are echoed into the page if they exist
考虑到登录应该是安全的,有几件事可以改进。请参阅php过滤器函数来验证电子邮件,检查密码长度,使用PDO而不是mysql_query来避免sql注入等。但是现在让我们这样做:
if ($count == 1) {
$_SESSION['loggedIn'] = "true";
header("Location: loginSuccess.php");
} else {
$errors = array();
$errors['login'] = 'whoops... could not login'; // this var is available for the html in login.php
}