<body>
<div class="login-card">
<h1>Log-in</h1><br>
<form action="incident-form.php" method="POST">
<input type="text" name="username" placeholder="Username">
<input type="password" name="password" placeholder="Password">
<input type="submit" name="submit" class="login login-submit" value="Login">
</form>
<div class="login-help">
<a href="#">Register</a> <a href="#">Forgot Password</a>
</div>
</div>
</body>
</html>
<?php
$connect = mysql_connect("localhost", "root", "");
mysql_select_db("aid");
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysql_query("SELECT * FROM users WHERE username='".$username."'");
if (mysql_num_rows($query) > 0){
while($row = mysql_fetch_assoc($query)) {
if ($row = ['password'] == $password){
echo "Successfully logged in!";
}else{
echo "Wrong password";
}
}
}else{
echo "Username not found";
}
}
?>
我在PHP 5.5中使用phpMyAdmin。我的数据库名称是aid,table是用户。表格就在那里,数据库和表格都在那里,但它直接进入提交的目标页面而不检查用户。
答案 0 :(得分:5)
首先更改您的action
代码。
<form action="" method="POST"> <!-- MEANS THAT PAGE WILL SUBMIT ON SELF FIRST -->
你的while循环中的if条件应该是:
if ($row['password'] == $password){
如果登录成功,请使用header()
将用户重定向到incident-form.php
。
header("LOCATION:incident-form.php"); /* PUT THIS INSIDE YOUR IF CONDITION */
至少使用*_real_escape_string()
来阻止SQL injection。
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
但仍然使用mysqli_*
而不是deprecated mysql_*
API。
答案 1 :(得分:1)
PHP没有那样工作,服务器处理发送的请求。您必须将代码移动到incident-form.php
的顶部并且仅在登录时显示该内容,或者您必须将此代码放在中间的页面上,将表单指向那里并使用{{ 1}}重定向的函数,或者您必须构建对代码的javascript调用,并根据结果阻止提交。
为您扩展解决方案。你需要三页
包含以下代码的登录页面
header
答案 2 :(得分:0)
试试这个也不要给用户一个登录错误的提示也使用重定向功能这里是代码:
if (!function_exists('redirect_to')) {
function redirect_to($new_location) {
header("Location: " . $new_location);
exit;
}
}
<?php
$connect = mysqli_connect("localhost", "root", "", "aid");
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users";
$result = mysqli_query($connect, $query);
while($row = mysqli_fetch_assoc($result)) {
if ($row['username'] == $username && $row['password'] == $password) {
echo "Successfully logged in!";
redirect_to("dashboard.php");
} else{
echo "Login Is wrong";
}
}
} else{
echo "Username/Password not found";
}
}
}
?>