用户已登录,但未重定向

时间:2016-04-19 15:57:01

标签: php html mysql pdo

我有一个用PDO编写的登录脚本。当用户登录时,他们应该被重定向到index.php。相反,他们仍然在同一页上。

<?php

$db_username = "user";
$db_password = "pass";
$con = new PDO("mysql:host=localhost;dbname=db", $db_username, $db_password);

if(isset($_POST['submit'])) {

$username = $_POST['username'];
$password = md5($_POST['password']);

$logincheck = $stmt = $con->prepare("SELECT * FROM users WHERE username=:username and password=:password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
$rows = $stmt->fetch(PDO::FETCH_NUM);
if($rows > 0) {
header('Location: index.php');
}
}
?>

<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" name="submit">
</form>

2 个答案:

答案 0 :(得分:0)

  1. if(isset($_POST['submit']))更改为if(isset($_POST['username']) && isset($_POST['password']) )

    因为提交类型无法通过表单发送

  2. 确保哈希算法

  3. exit(header('Location: index.php'));更改为header('Location: http:// www.example.com/index.php');

    因为exit();不适合,这是语法错误。

    4.   

    标题必须单独发送,并且该页面的执行已经退出。

    我正在考虑预先设置$con变量,并且SQL提取没有任何错误。您的代码中也缺少PDO数据库日志记录。可能有很多错误。

    在php.ini文件中使用错误报告来跟踪实际发生的情况

答案 1 :(得分:0)

我最近在一个项目上遇到了这个问题,我想到的唯一一件事就是:

"**Warning:** Cannot modify header information - headers already sent (output started at /htdocs/your_project_name/your_file.php:X, where X is the line number)."

仔细检查你的错误;在您用于处理表单提交的脚本中将其插入到顶部:

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

我能够通过这样做来实现它:

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

if ((isset($_POST['username']) && !empty($_POST['username'])) &&
  (isset($_POST['password']) && !empty($_POST['password']))) {
  //echo $_POST['username'];
  //echo $_POST['password'];
  // these statements are commented out because they were
  // displaying information before the header('Location: index.php') 
  // was called, uncomment this and try to see what I am talking about

  $username = $_POST['username'];
  $password = $_POST['password'];

  $db_username = 'root';
  $db_password = 'root';
  // always use try-catch when working with databases, api's, etc.
  try
  {
     $dbconn = new PDO('mysql:host=localhost;dbname=db', $db_username, $db_password);

    $stmt = $dbconn->prepare('SELECT * FROM users WHERE username=:username AND
    password=:password LIMIT 1');
    $stmt->bindParam(':username', $username);
    $stmt->bindParam(':password', $password);

    $stmt->execute();

    if ($stmt->rowCount() > 0)
    {
      header('Location: index.php');
    }
  }
  catch (PDOException $e)
  {
    echo 'Database error: ' . $e->getMessage();
  }
}

显然,除了我添加操作属性外,表单不会改变:

<form method="post" action="submit.php">
<!--form fields-->
</form>

显然,请确保您安全地存储用户密码。在检查数据库之前,我没有哈希密码,但是您应该始终清理从表单提交的任何输入。看看这里

  • phpsec.org/projects/guide/1.html#1.4

在这里

  • php.net/manual/en/function.password-hash.php

尤其如此,您可以使用此功能检查密码是否匹配:

http://php.net/manual/en/function.password-verify.php

如果您仍遇到问题并且标头已发送问题是问题,请查看此帖子:

How to fix "Headers already sent" error in PHP

相关问题
最新问题