用户授权/未授权可访问的网页,并导致错误

时间:2016-01-27 06:25:35

标签: javascript php jquery ajax

我的页面是main.php它就像这段代码一样

<?php
  include_once('createtables.php');
  include('function.php');

?>

<!DOCTYPE html>
<html lang="en">
<head>
  <title></title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="../includes/css/bootstrap.min.css">
  <link rel="stylesheet" href="../includes/css/main.css">
  <script src="../includes/js/jQuery.js"></script>
  <script src="../includes/js/login.js"></script>
  <script src="../includes/js/bootstrap.min.js"></script>
</head>
<body>
  <div class="container-fluid">
    <form id="lgform" action="checklogin.php" method="post">
      <h4 class="text-primary" id="llc"><img src="../includes/img/chatballoon.png"> Network Chat </h4>

      <div class="input-group" id="firstone">
        <span class="input-group-addon">
          <span class="glyphicon glyphicon-user"></span>
        </span>
        <input type="text" class="form-control" placeholder="Enter Account name" id="username" name="username" autofocus>
      </div>
      <div class="input-group" id="secondtwo">
        <span class="input-group-addon" id="password-addon">
          <span class="glyphicon glyphicon-lock"></span>
        </span>
        <input type="password" class="form-control" placeholder="Enter your password" aria-decribedby="password-addon" id="password" name="password" autofocus>
      </div>
      <a href="createaccount.php" id="signup">Create Account</a>
      <input type="submit" class="pull-right btn btn-primary btn-sm" name="submit" id="submit" value="Enter now">
    </form>
  </div>
</body>
</html>

这是我的checklogin php是这样的:

<?php
    ob_start();
    session_start();

    include("function.php");

    $conn = new Functions();
    $conn = $conn->db;

    //define username and password

    $username = $_POST['username'];
    $password = $_POST['password'];

    $username = stripslashes($username);
    $password = stripcslashes($password);
    $salt = "dctech2015ABcRXd";
    $password = md5($password) . $salt;
    $password = sha1($password);


    //SELECT QUERY TO FIND IF INPUT INFORMATION WAS ON DATABASE
    $stmt = $conn->query("SELECT * FROM users WHERE username ='$username' AND password='$password'");

    //LOOP ENTIRE DATABASE ROW
    $count = $stmt->rowCount();

    //IF INFORMATION FOUND SELECT STATUS IF ALREADY ONLINE OR NOT
    if($count == 1){
        $status;
        $stmt = $conn->prepare("SELECT status FROM users WHERE username='$username'");
        $stmt->execute();
        while($checkstatus = $stmt->fetch(PDO::FETCH_OBJ)){
            $status = $checkstatus->status;
        }
        if($status == 'Online'){
            echo "online";

        }else{

            echo "success";
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;

            $stmt = $conn->prepare("UPDATE users SET status='Online' WHERE username='$username'");
            $stmt->execute();
        }

    }

    ob_end_flush();
?>

ajax在这里:

$(document).ready(function(){
    $("#submit").click(function(e){
        e.preventDefault();

        var username = document.getElementById("username").value;
        var password = document.getElementById("password").value;

        if(username==""){
            alert("Please enter your account name");
        }else if(password == ""){
            alert("Please enter your password");
        }else{
            $.ajax({
                type: "POST",
                url: "checklogin.php",
                data: "username="+username+"&password="+password,
                success: function(data){
                    if(data == "success"){
                        window.location.href="chat.php";
                    }
                    else if(data == "online"){
                        alert("account is already online");
                    }else{
                        alert("Invalid Account name/Account password");
                    }
                },error:function(data){
                    alert("an error occured through data");
                }
            });
        }

        document.getElementById("username").value = "";
        document.getElementById("password").value = "";
    });
    return false;
});

浏览器可以访问checklogin.php文件的问题。我想要的是避免未经授权的用户访问此页面甚至登录用户,如果他们在浏览器上输入register.php它将转到它并说用户名错误等。

此类错误: This error

2 个答案:

答案 0 :(得分:0)

您应该使用标准的http状态代码回复:401,因此浏览器知道它无法加载页面:

if($count == 1){
   ...
} else {
    header("HTTP/1.1 401 Unauthorized");
    // or for php 5.4:
    http_response_code(401);
}

更新: 对于您稍后添加的错误:

在访问$ _POST中的值之前,请检查它们是否存在:

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // ... all the rest of your code that depends on $_POST comes here
}

答案 1 :(得分:0)

您可以在check_login脚本中添加一些检查,以查看URL是否匹配并将其重新开始。 if(strpos($_SERVER['REQUEST_URI'], 'register.php')) exit()或其他影响因素。

相关问题
最新问题