我创建了一个带有提交按钮的表单。我也连接到db.php文件中的XAMPP数据库。我只是想在字段中输入用户名和密码,然后重定向到另一个.php文件。每次我使用用户名和密码登录时,都没有任何反应。任何帮助将不胜感激。 感谢。
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
print_r($_POST['submit']);
$dbCon = mysqli_connect('localhost', 'root', '', 'osticket') or die('can not connect');
mysqli_select_db($dbCon, 'osticket');
if ($_POST['submit']) {
$username = trim($_POST['username']);
$username = strip_tags($username);
$username = htmlspecialchars($username);
$password = trim($_POST['password']);
$password = strip_tags($password);
$password = htmlspecialchars($password);
$username = mysqli_real_escape_string($dbCon,$username);
$password = mysqli_real_escape_string($dbCon,$password);
$sql = "SELECT * FROM ost_staff WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($dbCon, $sql) or die (mysqli_connect_error($dbCon));
if ($query) {
$result = mysqli_fetch_array($query);
$_SESSION['username'] = $result["username"];
$_SESSION['staff_id'] = $result["staff_id"];;
header('Location: user.php');
} else {
echo "Incorrect username and password";
}
}
?>
<form class="form-signin" method="post" action="ticket.php">
<h2 class="form-signin-heading">Sign In</h2>
<label for="inputUsername" class="sr-only">Username</label>
<input type="text" id="inputUsername" class="form-control" placeholder="Username" name="username" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" class="form-control" placeholder="Password" name="password" required>
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me"> Remember me
</label>
<input type="submit" value='Try it' name='submit'/>
</form>
答案 0 :(得分:2)
您的代码中存在一些错误或不完善。
首先,您的输入密码字段没有名称。 只需添加name =&#34;密码&#34;到您的输入栏:
<input type="password" id="inputPassword" class="form-control" placeholder="Password" name="password" required>
并且还要更改输入&#34;提交&#34;按钮。
<button type="submit" value='Try it' name='submit'>test</button>
同样结束表格(不太确定你是否已经做过,因为它已被切断)
之后代码应该可以运行,但它并不是很漂亮。所以如果你想在之后改变它,这里只是一些建议:
代码更改
变化:
if ($query) {
$row = mysqli_fetch_row($query);
$staff_id = row[0];
$dbUsername = row[3];
$dbPassword = row[5];
}
if ($username == $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['staff_id'] = $staff_ID;
header('Location: user.php');
} else {
echo "Incorrect username and password";
}
要:
if ($query) {
$result = mysqli_fetch_array($query);
$_SESSION['username'] = $result["username"];
$_SESSION['staff_id'] = $result["staff_id"];;
header('Location: user.php');
} else {
echo "Incorrect username and password";
}
因为如果$ query为true,那么只需查看数据库就可以完成检查。我将fetch_row更改为fetch_array,但这只是因为我更喜欢这种方式。
添加安全性
为了使您的代码更安全,以下是一些建议:
$username = trim($_POST['username']);
$username = strip_tags($username);
$username = htmlspecialchars($username);
$password = trim($_POST['password']);
$password = strip_tags($password);
$password = htmlspecialchars($password);
$username = mysqli_real_escape_string($dbCon,$username);
$password = mysqli_real_escape_string($dbCon,$password);
这是非常基本,以防止一些攻击。
也许你想让它更安全并散列密码(http://php.net/manual/en/function.password-hash.php)
还有很多其他事情你可以改变,但我想保持它很简单。如果您有任何问题,请随时问我。