我是php的新手,我用google搜索了一个包含源代码的简单登录表单。代码工作但它不会将我重定向到主页,而是保持在登录页面。以下是用户输入正确凭据时负责重定向的身份验证代码:
ob_start();
session_start();
$error='';
if(isset($_POST['submit'])){
if(empty($_POST['username']) || empty($_POST['password'])){
$error="Username or Password is invalid";
}
else{
$username=$_POST['username'];
$password=$_POST['password'];
$cxn=mysql_connect("localhost","root","admin");
$username=stripslashes($username);
$password=stripslashes($password);
$username=mysql_real_escape_string($username);
$password=mysql_real_escape_string($password);
$db=mysql_select_db("hrdb",$cxn);
$query=mysql_query("select * from login where Username='$username' AND
Password='$password'",$cxn);
$rows=mysql_num_rows($query);
if($rows==1){
$_SESSION['log_user']=$username;
echo "test";
header('Location: http://localhost/HRMS/profile.php');
exit;
}else{
$error="Username or password is invalid";
}
mysql_close($cxn);
}
}
ob_end_flush();
答案 0 :(得分:0)
您可以使用header()函数发送新的HTTP标头,但必须在任何HTML或文本之前将其发送到浏览器(例如,在声明之前)。
您可能希望在die来电后加入header:
header("Location: http://localhost/HRMS/profile.php");
die();
答案 1 :(得分:0)
我建议你使用mysqli而不是mysql和 如有细微变化请仔细检查 并测试它现在工作正常的代码。
ob_start();
session_start();
$error='';
if(isset($_POST['submit'])){
if(empty($_POST['username']) || empty($_POST['password'])){
$error="Username or Password is invalid";
}
else{
$username=$_POST['username'];
$password= md5($_POST['password']);
$cxn= mysqli_connect("localhost","root","","hrdb");
$username=stripslashes($username);
$password=stripslashes($password);
$username=mysqli_real_escape_string($cxn,$username);;
$password=mysqli_real_escape_string($cxn,$password);;
$query=mysqli_query($cxn,"select * from user_mst_tbl where USER_NAME='".$username."' AND
PASS_WORD='".$password."'");
$rows=mysqli_num_rows($query);
if($rows==1){
$_SESSION['log_user']=$username;
echo "test";
header('Location: http://localhost/HRMS/profile.php');
}else{
$error="Username or password is invalid";
}
mysql_close($cxn);
}
}
ob_end_flush();
答案 2 :(得分:0)
您收到错误:
不推荐使用:mysql_connect():不推荐使用mysql扩展,将来会删除它:使用mysqli或PDO代替
因为您安装了更高版本的XAMPP。
您需要考虑使用prepared statement而不是deprecated mysql_* API。在您可以在查询中使用它之前,您不需要清理每个变量,因为准备好的语句将为您完成。
如果您打算使用PHP的header()功能,请确保在致电header()之前没有任何输出。
同时检查您的profile.php,如果它还有header(),则将页面重定向回登录页面。
<?php
/* MAKE SURE THAT THERE ARE NO HTML/OUTPUTS ABOVE THIS CODE */
ob_start();
session_start();
$error = "";
/* ESTABLISH CONNECTION */
$con = new mysqli("localhost", "root", "admin", "hrdb");
/* CHECK CONNECTION */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
if(isset($_POST['submit'])){
if(empty($_POST['username']) || empty($_POST['password'])){
$error="Username or Password is invalid";
}
else{
if($stmt = $con->prepare("SELECT Username FROM login WHERE Username = ? AND Password = ?")){ /* CHECK AND PREPARE THE QUERY */
$stmt->bind_param("ss",$_POST["username"],$_POST["password"]); /* BIND THESE VARIABLES TO YOUR PREPARED QUERY; s STANDS FOR STRINGS */
$stmt->execute(); /* EXECUTE THE QUERY */
$rows = $stmt->num_rows; /* GET NUMBER OF ROWS/RESULTS */
if($rows == 1){ /* IF FOUND RESULT */
$stmt->bind_result($username); /* STORE THE RESULT TO THIS VARIABLE */
$stmt->fetch(); /* FETCH THE RESULT */
$_SESSION['log_user'] = $username; /* STORE THE RESULT TO THIS SESSION VARIABLE */
/* header('LOCATION: http://localhost/HRMS/profile.php'); REDIRECT THE PAGE TO profile.php */
?>
<meta http-equiv="refresh" content=".5; URL='profile.php'"/> <!-- REDIRECT TO profile.php IN HALF A SECOND -->
<?php
}
else {
$error="Username or password is invalid";
}
$stmt->close();
} /* END OF PREPARED STATEMENT */
} /* END OF ELSE */
} /* END OF ISSET SUBMIT */
ob_end_flush();
?>
您还应该保护存储在数据库中的密码。您可以使用password_hash()。