我有两个页面,index.php和login.php。 index.php显示登录表单,login.php包含登录系统后面的编码。我已经为每个页面附加了一些编码,并在下面解释了我的问题。
的index.php
<form id="loginForm" action="" method="post">
<div class="form-group">
<label>Email Address:</label>
<input id="email" name="email" placeholder="Email Address" type="email" autofocus class="form-control">
</div>
<div class="form-group">
<label>Password:</label>
<input id="password" name="password" placeholder="Password" type="password" autocomplete="off" class="form-control">
</div>
<input type="hidden" name="form_token" value="<?php echo htmlentities(stripslashes($form_token)); ?>" />
<input name="submit" type="submit" value="Login" class="btn btn-warning" style="margin-bottom: 15px;">
<?php echo $error ?>
<?php echo $message ?>
</form>
的login.php
<?php
session_start();
include_once("../config.php");
if (array_key_exists('Submit', $_POST)) {
$Valid = 1;
}
if (isset($_POST['submit'])) {
if (empty($_POST['email']) || empty($_POST['password'])) {
$error = '<div class="alert alert-danger">Email or Password is invalid</div>';
}
else {
// Define $username and $password
$email = trim(stripslashes($_POST['email']));
// $password = md5(trim(stripslashes($_POST['password'])));
$password = md5($password);
// Check that the Username and Password and have been sent
if(!isset( $_POST['email'], $_POST['password'], $_POST['form_token'])) {
$message = '<div class="alert alert-danger">Please enter a valid Email Address and Password.</div>';
}
// Check if the form token is valid
elseif( $_POST['form_token'] != $_SESSION['form_token']) {
$message = '<div class="alert alert-danger">Invalid submission.</div>';
}
try {
$stmt = $conn->prepare("SELECT * FROM accounts WHERE Username = ? AND Password = ?");
$stmt->execute(array($email, $password));
}
catch(PDOException $e) {
echo "Error: " . $e->getMessage();
}
foreach ($stmt as $row) {
$row['Username'];
}
if ($stmt == 1) {
$_SESSION['login_user'] = $email; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
}
else {
$conn = null; // Closing Connection
}
}
}
?>
我不明白为什么$ message不会向页面写任何内容。 $ error工作正常,如果电子邮件和密码=空白,它会写出“电子邮件或密码无效”。但是,如果您使用不存在的电子邮件和密码,它将重定向到profile.php但显示此错误:
This web page has a redirect loop
ERR_TOO_MANY_REDIRECTS
我做错了什么?
profile.php:
<?php
session_start();
include('../session.php');
include_once("../config.php");
if(!isset($login_session)) {
$conn = null; // Closing Connection
header('Location: /account/'); // Redirect to Home
}
?>
答案 0 :(得分:1)
您的问题可能源于此if
:
if ($stmt == 1) {
$_SESSION['login_user'] = $email; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
}
我不知道你为什么认为准备好的陈述等于1
。您可能对如何检查查询状态感到困惑,在这种情况下,您将要存储执行状态$status = $stmt->execute(array($email, $password));
。请参阅PDOStatement::execute()
上的PHP文档,返回值为True
或False
。然后检查if:if ($status) {
您可能还在尝试验证您的选择是否只返回了一行。这有点棘手,因为PDOStatement::rowCount()
不适用于SELECT
语句。你可能想要这样的东西:if (count($stmt->fetchAll()) == 1) {
,首先得到一个返回的行数,然后计算它们。