Login system does not validate; error message appears automatically when the page opens

Time: 2014-12-20 21:58:40

Tags: php html css sql login

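I'm new to PHP and I have managed to build a login system. However, it doesn't validate whether the fields are empty. My error message "Must enter Username/Password" appears when I load the page, which is not what I want.

I want it to show only if the login button is pressed and the fields are empty, like a proper login system. Can anyone help?

login.php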

<div id= "form">
<h2>Login</h2> 

<?php 

if (isset($_SESSION["authenticatedUserEmail"])) {
    echo 'Welcome back <br/>'.$_SESSION["authenticatedUserEmail"]. '<br/>';
    echo '<a href="logout.php">logout</a>';
    echo '<a href="account.php">my account</a>';
} else {
    $_SESSION["message"] = "Must enter Username and Password ";
    echo "<font color=red><font size = 1px>".$_SESSION["message"]."</font></font>"; 

?> 
<form method="post" action="loginaction.php"> 
Email: 
<input type="text" size=10 maxlength=40 name="email"><br/>
Password:
<input type="password" size=10 maxlength=15 name="password"><br/> 
<input name="submit" type="submit" value="Log in"> 
<input name="reset" type="reset" value="Clear"> 

</form>
<?php
}
?>
</div>

loginaction.php

<?php 
session_start();

include 'connection.php';
$email = trim($_POST["email"]);
$password = trim($_POST["password"]);

if (empty($email) or empty($password)) {
    $_SESSION["message"] = "Must enter Username and Password ";
    header("Location: homepage.php");   //Redirection information
    exit; //Ends the script
}
$email = strip_tags($email);
$password = strip_tags($password);

// Bind the input as parameters instead of interpolating it into the SQL string
$stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ? AND password = ?")
    or exit("Error in query: " . mysqli_error($connection));
mysqli_stmt_bind_param($stmt, "ss", $email, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);

if ($row = mysqli_fetch_assoc($result)) { //Then we have a successful login
    $_SESSION["authenticatedUserEmail"] = $email;
    $_SESSION['ID'] = $row['ID'];
    $_SESSION["password"] = $password;

    header("Location: homepage.php");
} else {
    $_SESSION["message"] = "Invalid User";
    header("Location: homepage.php"); //Go back to the login pages
}
?>

1 answer:

Answer 0 (score: 0)

You need to put session_start() at the very top of the login page.

<?php 
session_start(); 
?>
<div id= "form">
<h2>Login</h2> 

<?php 
if (isset($_SESSION["authenticatedUserEmail"])) {
    echo 'Welcome back <br/>'.$_SESSION["authenticatedUserEmail"]. '<br/>';
    echo '<a href="logout.php">logout</a>';
    echo '<a href="account.php">my account</a>';
} else {

    echo "<font color=red>Must enter Username and Password</font>"; 
    ?> 
    <form method="post" action="loginaction.php"> 
        Email: 
        <input type="text" size=10 maxlength=40 name="email"><br/>
        Password:
        <input type="password" size=10 maxlength=15 name="password"><br/> 
        <input name="submit" type="submit" value="Log in"> 
        <input name="reset" type="reset" value="Clear"> 
    </form>
<?php
}
?>
</div>

Edit 2:

login.php

<?php 
session_start(); 
print_r($_SESSION);
?>
<div id= "form">
<h2>Login</h2> 
<?php 
if (isset($_SESSION["authenticatedUserEmail"])) {
    echo 'Welcome back <br/>'.$_SESSION["authenticatedUserEmail"]. '<br/>';
    echo '<a href="logout.php">logout</a> | <a href="account.php">my account</a>';
} else {
    if(isset($_GET['form']) && $_GET['form']=='invalid') {
        echo "<font color=red>Must enter Username and Password</font>"; 
    }
    if(isset($_GET['user']) && $_GET['user']=='invalid') {
        echo "<font color=red>Invalid User</font>"; 
    }
    ?> 
    <form method="post" action="loginaction.php"> 
        Email: 
        <input type="text" size=10 maxlength=40 name="email"><br/>
        Password:
        <input type="password" size=10 maxlength=15 name="password"><br/> 
        <input name="submit" type="submit" value="Log in"> 
        <input name="reset" type="reset" value="Clear"> 
    </form>
<?php
    if(isset($_GET['logout']) && $_GET['logout']=='success') {
        echo "<font color=blue>Logout success</font>"; 
    }
}
?>
</div>

loginaction.php

<?php
$email = trim($_POST["email"]);
$password = trim($_POST["password"]);

if (empty($email) or empty($password)) {
    header("Location: login.php?form=invalid");   //Redirection information
    exit;
}

// dummy users
$users = array (
    'test@abc.com' => 1234,
    'test2@abc.com' => 12345
)   ;

$found = false;

foreach($users as $emailAdd => $pass ){
    // compare with ===; the original "=" assigned the password instead of comparing it
    if($emailAdd === $email && (string)$pass === $password)
    {
        $found = true;
        break;
    }
}

if($found) {
    session_start();
    @session_regenerate_id (true);
    $_SESSION["authenticatedUserEmail"] = $email;
    // $_SESSION['ID'] = $row['ID']; // $row only exists once the user is loaded from the database
    $_SESSION["password"] = $password;
    header("Location: homepage.php");
} else {
    header("Location: login.php?user=invalid");//Go back to the login pages
}

?>

homepage.php

<?php
session_start();
echo "Hello " . $_SESSION['authenticatedUserEmail'] .' <br>';
 echo '<a href="logout.php">logout</a> <hr>';
print_r($_SESSION);
?>

logout.php

<?php
session_start();
if(isset($_SESSION['authenticatedUserEmail']))
{
    session_unset(); 
    session_destroy();
    header("location: login.php?logout=success");               
} else {
    header("location: login.php");  
}
?>
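
A session-based variant of the same fix, as an added example that is not part of the original question or answer: the message is set only when a submitted form fails, and it is cleared after being read once. The function names `handle_login` and `take_message`, the hashed sample user and the array passed in place of `$_SESSION` are assumptions made so the flow runs from the command line.

```php
<?php
// Added example: the session array is passed in so the flow runs from the CLI;
// in the real pages it is $_SESSION after session_start().

// Constructed sample store (stands in for the users table): email => password hash.
$users = ['test@abc.com' => password_hash('1234', PASSWORD_DEFAULT)];

// loginaction.php side: a message is set only when a submitted form fails.
function handle_login(array $post, array $users, array &$session): string
{
    $email = trim($post['email'] ?? '');
    $password = $post['password'] ?? '';
    if ($email === '' || $password === '') {
        $session['message'] = 'Must enter Username and Password';
        return 'login.php';
    }
    $hash = $users[$email] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        $session['message'] = 'Invalid User';
        return 'login.php';
    }
    // Real script: call session_regenerate_id(true) here, as in the answer.
    $session['authenticatedUserEmail'] = $email; // the password is never stored
    return 'homepage.php';
}

// login.php side: read the message once, clear it, and escape it for HTML.
function take_message(array &$session): string
{
    $message = $session['message'] ?? '';
    unset($session['message']);
    return htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
}

// Walk through the flow with constructed requests.
$session = [];
var_dump(take_message($session));                       // first page load
echo handle_login(['email' => '', 'password' => ''], $users, $session), "\n";
var_dump(take_message($session));                       // page shown after the empty submit
var_dump(take_message($session));                       // same page reloaded
echo handle_login(['email' => 'test@abc.com', 'password' => '1234'], $users, $session), "\n";
var_dump(isset($session['authenticatedUserEmail']));    // login state after valid submit
```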