Question

所以我有一个登录脚本，不太清楚为什么它不会工作。在我的用户表中，我有以下字段：

表：用户

Field 1) ID
Field 2) Password (it is stored with crypt)
Field 3) Status (ranges from 0-2)

的index.php

<?php
session_start();
unset($_SESSION['Status']);
?>
<head> 

  <title>Login Form</title>
  <link rel="stylesheet" type="text/css" href="login.css">
  <img src="logo1.jpg" style="float:left; width:490px; height:130px; margin-top: -70px;">
  <!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
</head>
<body>

<section class="container">
    <div class="login">
      <h1>Login</h1>
      <form action="process_login.php" method="POST"/>
        <div class="help-tip">
         <p>Enter the User ID and Password that you were given, in order to login. If you have forgotten your ID or Password, contact Admin</p>
</div>
          <p><input type="number"     name="ID"   value="" placeholder="ID*"       required autofocus></p>
        <p><input type="password" name="Password" value="" placeholder="Password*" required></p>
        <p class="submit"><input type="submit" name="commit" value="Login"></p>
    </form>
</div>

process_login.php

<?php
session_start();
?>
<?php
//Connect to host site and databse
include("functions.php");
// Fetching variables
$id = $_POST['ID'];
$pw = crypt($_POST['Password']);

//Find user details from User table using the username entered and comparing the entered password with the one retrieved form the user table

$UserValidate = mysqli_query ("SELECT * FROM User WHERE ID = '$id'") or die (mysqli_error());
$row = mysqli_fetch_array($UserValidate);
$CorrectId = $row['ID'];
$CorrectPw = $row['Password'];
$UserType = $row['Status'];

//check if ID in database
if ($id == $CorrectId) {
//check if password is assigned to that username and is correct
if ($pw == $CorrectPw) {
//check if user is standard user
if ($UserType == 0) {
    $_SESSION['CadetUser'] = $id;
header('http://****/calendar.php:'.$url);die();
if ($UserType == 1) {
$_SESSION['StaffUser'] = $id;
header('http://****/calendar_staff.php:'.$url);die();
if ($UserType == 2) {
$_SESSION['AdminUser'] = $id;
header('http://****/calendar_admin.php:'.$url);die();
}
}
else { 
  echo "Either your ID or Password is wrong";
  header('http://******/index.php:'.$url);die();
}
}
}
}
?>

更新我的问题是，当我使用正确的详细信息登录时，我得到一个空白屏幕。它只是在process_login.php停止此外，我将重定向更改为＆＃34;标题..........＆＃34;喜欢建议

Answer 1

对于重定向，您可以尝试

header('location:'.$url);die();

注意：删除标题前的所有回显或打印，并确保在php开始标记之前没有空格

Answer 2

顺便说一句，您的SQL语句容易受到SQL注入的影响，因为您将$ id直接放入语句中。使用参数和mysqli

会更安全

Answer 3

这是你的代码 - 缩进，如你在帖子中输入的那样：

//check if ID in database
if ($id == $CorrectId) {
    //check if password is assigned to that username and is correct
    if ($pw == $CorrectPw) {
        //check if user is standard user
        if ($UserType == 0) {
            $_SESSION['CadetUser'] = $id;
            header('http://****/calendar.php:'.$url);
            die();
            if ($UserType == 1) {
                $_SESSION['StaffUser'] = $id;
                header('http://****/calendar_staff.php:'.$url);
                die();
            // <----- missing a closing brace
            if ($UserType == 2) {
                $_SESSION['AdminUser'] = $id;
                header('http://****/calendar_admin.php:'.$url);
                die();
            }
        }
        else { 
            echo "Either your ID or Password is wrong"; // you need to remove this; outputting HTML prior to sending headers will result in a PHP error
            header('http://******/index.php:'.$url);
            die();
        }
    }
}
} // <----- remove this

正如您所看到的，唯一有机会的条件是if ($UserType == 0)。更不用说那里有一个错误的}可能会导致语法错误。

您的标题中也遗漏了Location，例如。 header('Location: url/goes/here.php');

我已经重新格式化了下面的代码，并修复了语法错误：

//check if ID in database
if ($id == $CorrectId && $pw == $CorrectPw) {
    //check if user is standard user
    if ($UserType == 0) {
        $_SESSION['CadetUser'] = $id;
        header('Location: http://****/calendar.php:'.$url);
        die();
    }
    elseif ($UserType == 1) {
        $_SESSION['StaffUser'] = $id;
        header('Location: http://****/calendar_staff.php:'.$url);
        die();
    }
    elseif ($UserType == 2) {
        $_SESSION['AdminUser'] = $id;
        header('Location: http://****/calendar_admin.php:'.$url);
        die();
    }
    else { 
        header('Location: http://******/index.php:'.$url);
        die();
    }
}

由于if ($id == $CorrectId)和if ($pw == $CorrectPw)是必须满足的条件才能继续进行，因此将它们包含在单一条件中是有意义的..为了便于阅读。尽可能避免嵌套条件太深。使事情变得混乱，代码难以阅读/遵循。您可以看到我已将它们添加到一个条件中。

Answer 4

更改标题功能

header('location : http://****/calendar.php:');

要

在标题中添加位置，如上所示

登录页面不直接 - 显示空白页面PHP

4 个答案: