My pin.php is:
<?php
// connection
$db_host = "localhost";
$db_username = "root";
$db_password = "";
$connection = mysql_connect("$db_host", "$db_username", "$db_password");
if (!$connection) {
    die("database connection failed: " . mysql_error());
}
session_start([
    'cookie_lifetime' => 120,
]); // Start a new session (2 minutes)
?>
<html>
<head>
<title>Check Result</title>
</head>
<body>
Check Result<br /><br />
<?php
$dbname = "db";
$db_sel = mysql_select_db($dbname, $connection);
if (!$db_sel) {
    echo "<h1>Unable to Connect to the Database</h1><hr />";
    exit();
}
// Check submit button click
if (isset($_REQUEST['submit'])) {
    if (!empty($_POST['uname']) && !empty($_POST['pass'])) {
        $serial = stripslashes(trim($_POST['serial']));
        $pin = stripslashes(trim($_POST['pin']));
        $sign = mysql_query("SELECT * FROM pin WHERE serial='$serial' AND pin='$pin'");
        $no = mysql_num_rows($sign);
        // if username and password matches
        if ($no != 0) {
            $_SESSION['serial'] = $serial;
            $_SESSION['pin'] = $pin;
            $logintimes = mktime();
            $ipaddress = $_SERVER['REMOTE_ADDR'];
            // Redirects the user to the password protected page
            header("Location: result.php");
            exit();
        } else { // if invalid serial/pin
            echo "Invalid";
        }
    } else { // if empty on submit
        echo "empty";
    }
}
?>
<form action="print.php" method="post">
Serial Number: <input type="text" name="serial" value="" class="style3" size="18"/><br />
PIN: <input type="hide" name="pin" class="style3" size="18"/><br />
<input type="submit" name="submit" value="Login" class="button" />
</form>
</body>
</html>
And my result.php:
<?php
session_start([
    'cookie_lifetime' => 120,
]);
if (isset($_SESSION['serial']) && ($_SESSION['pin'])) {
?>
<h3>Welcome</h3>
<div>
This is your result...<br />
<?php
$logintimes = mktime();
$ipaddress = $_SERVER['REMOTE_ADDR'];
echo $logintimes;
echo $ipaddress;
?>
</div>
<?php
session_destroy();
} else {
    // Redirects the user to the login page if he is not logged in
    header("Location: index.php");
}
?>
On submit, it still goes to result.php without checking serial=$serial and pin=$pin.
Answer 0 (score: 0)
Guys, I looked into this a bit. Tried to clean it up to make it more readable; I would suggest at least templating the page and using a replace('tag', function()) approach to feed data into the template.
<?php
// connection
$db_host = "localhost";
$db_username = "root";
$db_password = "";
$connection = mysql_connect("$db_host", "$db_username", "$db_password");
if (!$connection) {
    die("database connection failed: " . mysql_error());
}
session_start([
    'cookie_lifetime' => 120,
]); // Start a new session (2 minutes)
?>
<html>
<head>
<title>Check Result</title>
</head>
<body>
Check Result<br /><br />
<?php
$dbname = "db";
$db_sel = mysql_select_db($dbname, $connection);
if (!$db_sel) {
    echo "<h1>Unable to Connect to the Database</h1><hr />";
    exit();
}
// Check submit button click
if (isset($_REQUEST['submit'])) {
    if (!empty($_POST['uname']) && !empty($_POST['pass'])) {
        $serial = stripslashes(trim($_POST['serial']));
        $pin = stripslashes(trim($_POST['pin']));
        $sign = mysql_query("SELECT * FROM pin WHERE serial='$serial' AND pin='$pin'");
        while ($row = mysql_fetch_array($sign, MYSQL_NUM)) {
            $_SESSION['serial'] = $serial;
            $_SESSION['pin'] = $pin;
            $logintimes = mktime();
            $ipaddress = $_SERVER['REMOTE_ADDR'];
            // Redirects the user to the password protected page
            header("Location: result.php");
            exit();
        } // if success above will exit, else get to the below error note.
        echo "Invalid";
    } else { // if empty on submit
        echo "Please enter your name or password FooL";
    }
}
?>
<form action="print.php" method="post">
Serial Number: <input type="text" name="serial" value="" class="style3" size="18"/><br />
PIN: <input type="hide" name="pin" class="style3" size="18"/><br />
<input type="submit" name="submit" value="Login" class="button" />
</form>
</body>
</html>
I did not test it, but as you can see I replaced $no with pulling the rows; the point you need to understand is that the row count will be zero because you have not pulled the rows yet, at that point it is still only the beginning.
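Added example (not the asker's or the answerer's code) of the same serial/PIN check written the way a practitioner would ship it today. Two things in both versions above matter more than the row-count question: the form submits `serial` and `pin`, but the handler tests `$_POST['uname']` and `$_POST['pass']`, so the login branch is never reached; and the query interpolates the submitted values straight into SQL (stripslashes() removes escaping rather than adding it), so a value such as `' OR '1'='1` satisfies the WHERE clause without a valid PIN. The `mysql_*` extension was also removed in PHP 7, so the thread's code does not run on a current PHP. The example below uses PDO prepared statements against an in-memory SQLite database so it runs offline (it needs the `pdo_sqlite` extension); the table layout `pin(serial, pin)` is taken from the original query and the single sample row is constructed for the demo. `checkPinUnsafe()` reproduces the thread's interpolated query only to show the bypass next to the hardened `checkPin()`.

```php
<?php
// Added example: the thread's login check rewritten with PDO prepared statements,
// executed against an in-memory SQLite database so it runs offline.
// Assumptions: table `pin(serial, pin)` as in the original query; the sample
// row inserted in makeDb() is constructed for this demo.

declare(strict_types=1);

// Constructed sample data: one valid serial/PIN pair.
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pin (serial TEXT NOT NULL, pin TEXT NOT NULL)');
    $db->exec("INSERT INTO pin (serial, pin) VALUES ('SN-0001', '1234')");
    return $db;
}

// The query as written in the thread: user input is interpolated into SQL.
// Kept here only to demonstrate the bypass; do not use this form.
function checkPinUnsafe(PDO $db, string $serial, string $pin): bool
{
    $sql = "SELECT * FROM pin WHERE serial='$serial' AND pin='$pin'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened version: placeholders keep the input as data, never as SQL text.
// Returns true only when exactly one row matches both values.
function checkPin(PDO $db, string $serial, string $pin): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM pin WHERE serial = ? AND pin = ?');
    $stmt->execute([$serial, $pin]);
    return (int) $stmt->fetchColumn() === 1;
}

// Login handler keyed on the fields the form actually submits (serial, pin).
// On success it regenerates the session id so an id planted before login is
// not carried over, and stores only the serial, not the PIN, in the session.
function handleLogin(PDO $db, array $post): string
{
    $serial = trim($post['serial'] ?? '');
    $pin    = trim($post['pin'] ?? '');
    if ($serial === '' || $pin === '') {
        return 'empty';
    }
    if (!checkPin($db, $serial, $pin)) {
        return 'invalid';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['serial']     = $serial;
    $_SESSION['login_time'] = time();
    $_SESSION['ip']         = $_SERVER['REMOTE_ADDR'] ?? 'cli';
    return 'ok';
}

// Guard for result.php: only the marker set by a successful login counts.
function isLoggedIn(): bool
{
    return isset($_SESSION['serial']) && $_SESSION['serial'] !== '';
}

// Demo run: the classic payload satisfies the interpolated WHERE clause but is
// compared as a plain string by the prepared statement.
$db = makeDb();
$payload = "' OR '1'='1";
var_dump(checkPinUnsafe($db, $payload, $payload));   // interpolated query: bypassed
var_dump(checkPin($db, $payload, $payload));         // prepared statement: no match
var_dump(checkPin($db, 'SN-0001', '1234'));          // the constructed valid pair
var_dump(handleLogin($db, ['serial' => 'SN-0001', 'pin' => '1234']));
var_dump(isLoggedIn());
```

In the real page the `$db` would be a MySQL PDO connection (`new PDO('mysql:host=...;dbname=db', $user, $pass)`) with the same `prepare`/`execute` calls; nothing else in the block changes. The hidden-input form field (`type="hide"`) from the thread should be `type="password"` so the PIN is neither displayed nor, as with the typo, rendered as a plain text box.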