为什么我的登录脚本没有按编码运行检查

时间:2015-10-14 09:59:21

标签: php

我有两个页面,index.php和login.php。 index.php显示登录表单,login.php包含登录系统后面的编码。我已经为每个页面附加了一些编码,并在下面解释了我的问题。

的index.php 

<form id="loginForm" action="" method="post">
    <div class="form-group">            
        <label>Email Address:</label>
        <input id="email" name="email" placeholder="Email Address" type="email" autofocus class="form-control">
    </div>
    <div class="form-group">
        <label>Password:</label>
        <input id="password" name="password" placeholder="Password" type="password" autocomplete="off" class="form-control">
    </div>

    <input type="hidden" name="form_token" value="<?php echo htmlentities(stripslashes($form_token)); ?>" />
    <input name="submit" type="submit" value="Login" class="btn btn-warning" style="margin-bottom: 15px;">

    <?php echo $error ?>
    <?php echo $message ?>
</form>

的login.php 

<?php
    session_start();
    include_once("../config.php");  

    if (array_key_exists('Submit', $_POST)) {
        $Valid = 1;
    }

    if (isset($_POST['submit'])) {
        if (empty($_POST['email']) || empty($_POST['password'])) {
            $error = '<div class="alert alert-danger">Email or Password is invalid</div>';
        }

        else {
            // Define $username and $password
            $email = trim(stripslashes($_POST['email']));

            // $password = md5(trim(stripslashes($_POST['password'])));
            $password = md5($password);

            // Check that the Username and Password and have been sent
            if(!isset( $_POST['email'], $_POST['password'], $_POST['form_token'])) {
                $message = '<div class="alert alert-danger">Please enter a valid Email Address and Password.</div>';
            }

            // Check if the form token is valid
            elseif( $_POST['form_token'] != $_SESSION['form_token']) {
                $message = '<div class="alert alert-danger">Invalid submission.</div>';
            }

            try {
                $stmt = $conn->prepare("SELECT * FROM accounts WHERE Username = ? AND Password = ?");
                $stmt->execute(array($email, $password));       
            }

            catch(PDOException $e) {
                echo "Error: " . $e->getMessage();
            }

            foreach ($stmt as $row) {
                $row['Username'];
            }           

            if ($stmt == 1) {
                $_SESSION['login_user'] = $email; // Initializing Session
                header("location: profile.php"); // Redirecting To Other Page
            } 

            else {
                $conn = null; // Closing Connection
            }
        }
    }   
?>

我不明白为什么$ message不会向页面写任何内容。 $ error工作正常,如果电子邮件和密码=空白,它会写出“电子邮件或密码无效”。但是,如果您使用不存在的电子邮件和密码,它将重定向到profile.php但显示此错误:

This web page has a redirect loop
ERR_TOO_MANY_REDIRECTS

我做错了什么?

profile.php:

<?php
    session_start();
    include('../session.php');
    include_once("../config.php");      

    if(!isset($login_session)) {
        $conn = null; // Closing Connection
        header('Location: /account/'); // Redirect to Home
    }
?>

1 个答案:

答案 0 :(得分:1)

您的问题可能源于此if

if ($stmt == 1) {
    $_SESSION['login_user'] = $email; // Initializing Session
    header("location: profile.php"); // Redirecting To Other Page
}

我不知道你为什么认为准备好的陈述等于1。您可能对如何检查查询状态感到困惑,在这种情况下,您将要存储执行状态$status = $stmt->execute(array($email, $password));。请参阅PDOStatement::execute()上的PHP文档,返回值为TrueFalse。然后检查if:if ($status) {

中的状态

您可能还在尝试验证您的选择是否只返回了一行。这有点棘手,因为PDOStatement::rowCount()不适用于SELECT语句。你可能想要这样的东西:if (count($stmt->fetchAll()) == 1) {,首先得到一个返回的行数,然后计算它们。

相关问题
最新问题