我已经制作/复制了一个合适的内容页面。 我已经使它完全正常运行,除了有一个错误,当用户名和密码不在数据库中时它仍然重定向? 登录表单:
<div class="login">
<h1>Login</h1>
<form method="post" action="connectivity.php">
<input type="text" name="user" placeholder="Gebruikersnaam" required/>
<input type="password" name="pass" placeholder="Wachtwoord" required/>
<input id="button" type="submit" class="btn btn-primary btn-block btn-large" name="submit" value="Log-In">
</br>
发布的php代码:
<?php
session_start();
$user = $_POST['user'];
$_SESSION['user'] = $user;
define('DB_HOST', 'localhost');
define('DB_NAME', 'mkuiper1');
define('DB_USER','mkuiper1');
define('DB_PASSWORD','password');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user'];
$Password = $_POST['pass'];
*/
function SignIn($data){
//checking the 'user' name which is from Sign-In.html, is it empty or have some text
if(!empty($data['user'])){
//$query = mysql_query("SELECT * FROM WebsiteUsers where userName = '".$data['user']."' AND pass = '".$data['pass']."'") or die(mysql_error());
// The above query is sql-injecation valnerable query, use the below query instead
// Also do not use mysql erxtension anymore is deprecated, use mysqli instead
// Let us say that your db connection is stored in $con variable
$stmt = $con->prepare("SELECT * FROM WebsiteUsers where userName = '$_POST[user]' AND pass = '$_POST[pass]'");
$stmt->bind_param('ss', $data['user'],$data['pass']);
if($stmt->execute()){
$stmt->store_result();
if($stmt->num_rows>0){
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
$_SESSION['userName'] = $row['pass'];
//echo "Login Succesvol!"; do not echo anything here before redirecting !!!
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
}
}
} else{
$message = "Verkeerde Gebruikersnaam/Wachtwoord!";
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('$message')
window.location = '/Sign-In.php';
</SCRIPT>");
}
}
if(isset($_POST['submit'])){
SignIn($_POST);
}
?>
但它仍然存在于connectivty.php,即使传递和用户名不正确。
抱歉英文不好
杰西
答案 0 :(得分:0)
正如我在评论中所说,你的代码有很多问题,这个函数应该解决它们:
function SignIn($data){
//checking the 'user' name which is from Sign-In.html, is it empty or have some text
if(!empty($data['user'])){
//$query = mysql_query("SELECT * FROM WebsiteUsers where userName = '".$data['user']."' AND pass = '".$data['pass']."'") or die(mysql_error());
// The above query is sql-injecation valnerable query, use the below query instead
// Also do not use mysql erxtension anymore is deprecated, use mysqli instead
// Let us say that your db connection is stored in $con variable
$stmt = $con->prepare('SELECT * FROM WebsiteUsers where userName = ? AND pass = ?');
$stmt->bind_param('ss', $data['user'],$data['pass']);
if($stmt->execute()){
$stmt->store_result();
if($stmt->num_rows>0){
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
$_SESSION['userName'] = $row['pass'];
//echo "Login Succesvol!"; do not echo anything here before redirecting !!!
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
}
}
} else{
$message = "Verkeerde Gebruikersnaam/Wachtwoord!";
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('$message')
window.location = '/Sign-In.php';
</SCRIPT>");
}
}
if(isset($_POST['submit'])){
SignIn($_POST);
}