对标题感到抱歉。真的不知道怎么说。但我愿意接受建议,因此有类似问题的人可以轻松找到这个主题。
我在php中创建了一个简单的登录/注册脚本。我遇到的问题是“用户消息”没有显示出来,我无法弄清楚我做错了什么。
当我用户注册时,他/她需要确认他/她的电子邮件地址。 完成此操作并且用户登录后,他/她应该被重定向到个人资料页面... profile.php 但由于某种原因,这不起作用。谁知道为什么?
的index.php
<?php
/* Main page with two forms: sign up and log in */
require 'db.php';
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Sign-Up/Login Form</title>
<?php include 'css/css.html'; ?>
</head>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['login'])) { //user logging in
require 'login.php';
}
elseif (isset($_POST['register'])) { //user registering
require 'register.php';
}
}
?>
<body>
<div class="form">
<ul class="tab-group">
<li class="tab"><a href="#signup">Sign Up</a></li>
<li class="tab active"><a href="#login">Log In</a></li>
</ul>
<div class="tab-content">
<div id="login">
<h1>Welcome Back!</h1>
<form action="index.php" method="post" autocomplete="off">
<div class="field-wrap">
<label>
Email Address<span class="req">*</span>
</label>
<input type="email" required autocomplete="off" name="email"/>
</div>
<div class="field-wrap">
<label>
Password<span class="req">*</span>
</label>
<input type="password" required autocomplete="off" name="password"/>
</div>
<p class="forgot"><a href="forgot.php">Forgot Password?</a></p>
<button class="button button-block" name="login" />Log In</button>
</form>
</div>
<div id="signup">
<h1>Sign Up for Free</h1>
<form action="index.php" method="post" autocomplete="off">
<div class="top-row">
<div class="field-wrap">
<label>
First Name<span class="req">*</span>
</label>
<input type="text" required autocomplete="off" name='firstname' />
</div>
<div class="field-wrap">
<label>
Last Name<span class="req">*</span>
</label>
<input type="text"required autocomplete="off" name='lastname' />
</div>
</div>
<div class="field-wrap">
<label>
Email Address<span class="req">*</span>
</label>
<input type="email"required autocomplete="off" name='email' />
</div>
<div class="field-wrap">
<label>
Set A Password<span class="req">*</span>
</label>
<input type="password"required autocomplete="off" name='password'/>
</div>
<button type="submit" class="button button-block" name="register" />Register</button>
</form>
</div>
</div><!-- tab-content -->
</div> <!-- /form -->
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
的login.php
<?php
/* User login process, checks if user exists and password is correct */
// Escape email to protect against SQL injections
$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
if ( $result->num_rows == 0 ){ // User doesn't exist
$_SESSION['message'] = "User with that email doesn't exist!";
header("location: error.php");
}
else { // User exists
$user = $result->fetch_assoc();
if ( password_verify($_POST['password'], $user['password']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
// This is how we'll know the user is logged in
$_SESSION['logged_in'] = true;
header("location: profile.php");
}
else {
$_SESSION['message'] = "You have entered wrong password, try again!";
header("location: error.php");
}
}
profile.php
<?php
/* Displays user information and some useful messages */
session_start();
// Check if user is logged in using the session variable
if ( $_SESSION['logged_in'] != 1 ) {
$_SESSION['message'] = "You must log in before viewing your profile page!";
header("location: error.php");
}
else {
// Makes it easier to read
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$active = $_SESSION['active'];
}
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Welcome <?= $first_name.' '.$last_name ?></title>
<?php include 'css/css.html'; ?>
</head>
<body>
<div class="form">
<h1>Welcome</h1>
<p>
<?php
// Display message about account verification link only once
if ( isset($_SESSION['message']) )
{
echo $_SESSION['message'];
// Don't annoy the user with more messages upon page refresh
unset( $_SESSION['message'] );
}
?>
</p>
<?php
// Keep reminding the user this account is not active, until they activate
if ( !$active ){
echo
'<div class="info">
Account is unverified, please confirm your email by clicking
on the email link!
</div>';
}
?>
<h2><?php echo $first_name.' '.$last_name; ?></h2>
<p><?= $email ?></p>
<a href="logout.php"><button class="button button-block" name="logout"/>Log Out</button></a>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
error.php
<?php
/* Displays all error messages */
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<?php include 'css/css.html'; ?>
</head>
<body>
<div class="form">
<h1>Error</h1>
<p>
<?php
if( isset($_SESSION['message']) AND !empty($_SESSION['message']) ):
echo $_SESSION['message'];
else:
header( "location: index.php" );
endif;
?>
</p>
<a href="index.php"><button class="button button-block"/>Home</button></a>
</div>
</body>
</html>
答案 0 :(得分:2)
在输出脚本上的任何内容之前使用 ob_start(); 。看起来你成了装满输出罐的受害者。
<?php
ob_start();
//Make sure you use ob_start() before any outputting anything.
//Rest of your code
?>
建议:正如评论中所提到的那样请定义一种类型的登录按钮,如type =“submit”,最后一件事,escape_string()将不会从sql注入中保存。使用PDO或Prepared语句。