管理页面不会显示

时间:2017-10-28 13:56:00

标签: php css

  

警告:无法修改标头信息 - 标头已发送(输出开始于 /admin/index.php:21),位于 /var/www/web143366/html/admin/index.php 第24行

   <?php
require_once('../config.php');
require_once('../php/functions.php');

?>
<!DOCTYPE>
<html lang="eng">
<head>
<meta charset="UTF-8">

<title>Admin Panel</title>

<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="admin.css">
<link rel="stylesheet" type="text/css" href="../layout.css">
</head>

<body>


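<?php
// NOTE(review): the HTML above is already sent by this point, so the header() call below raises "headers already sent"; this check belongs before any output.
if (!isset($_SESSION['adminid'])) {
    header('Location: /admin/login');
    // Stop here so nothing further is rendered for a visitor without an admin
    // session, whether or not the redirect header could still be sent.
    exit;
} else {

?>

<div id="leftPanel">
<a href="/"><div class="przyciskPanelAdmina">Homepage</div></a>
    <a href="/admin"><div class="przyciskPanelAdmina active">Dashboard</div></a>
    <a href="accounts"><div class="przyciskPanelAdmina">Manage Accounts</div></a>
    <a href="addAccount"><div class="przyciskPanelAdmina">Add Account</div></a>
    <a href="addCategory"><div class="przyciskPanelAdmina">Add Category</div></a>
    <a href="messages"><div class="przyciskPanelAdmina">Messages</div></a>
    <a href="logout"><div class="przyciskPanelAdmina">Logout</div></a>
</div>

<div id="rightPanel">
    <h3>Recent payments</h3>
    <table>
    <tr class='first'>
        <td width='20%'>Account Login</td>
        <td width='20%'>Account Password</td>
        <td width='20%'>Date</td>
        <td width='20%'>Amount</td>
        <td width='20%'>Payment ID</td>
    </tr>
    <?php

    // Recent payments joined with the account each payment belongs to, newest first.
    // NOTE(review): accounts.password is selected and displayed exactly as stored;
    // confirm what this column holds - login credentials should be kept hashed and
    // never listed on a page.
    $sql = $conn->prepare('SELECT accounts.login AS Login, accounts.password AS Pass, date, amount, paymentID FROM payments INNER JOIN accounts ON payments.accountId=accounts.id order by date DESC');
    $sql->execute();
    $result = $sql->get_result();

    // Encode every database value for the HTML context, so markup stored in a row
    // is shown as text instead of running in the administrator's browser.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    while ($row = $result->fetch_assoc()) {
        echo "<tr><td width='20%'>" . $esc($row['Login']) . "</td><td width='20%'>" . $esc($row['Pass']) . "</td><td width='20%'>" . $esc($row['date']) . "</td><td width='20%'>" . $esc($row['amount']) . "$</td><td width='20%'>" . $esc($row['paymentID']) . "</td></tr>";
    }

    ?>
    </table>

    <div class="clear"></div>
</div>




<?php

}

?>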

</body>
</html>

编辑:这就是报错信息。当我删除第24行后,会出现以下错误。

  

致命错误:调用未定义的方法 mysqli_stmt::get_result(),位于 /var/www/web143366/html/admin/login.php 第32行。第32行:$result = $sql->get_result();

代码:

// Excerpt from the login handler: look up the admin row for the submitted email,
// then check the submitted password against the stored hash.
$sql = $conn->prepare('SELECT * FROM admin WHERE email = ?');
    $sql->bind_param('s', $email);
    $sql->execute();
    // mysqli_stmt::get_result() exists only when mysqli is built on the mysqlnd
    // driver; without it this call is the "undefined method" fatal error quoted above.
    $result = $sql->get_result();

    if ($result->num_rows < 1) {
        // No row matched the email.
        echo "<h1>Wrong email or password</h1>";
    } else {
        // Keeps the values of the last matching row.
        while ($row = $result->fetch_assoc()) {
            $p = $row['password'];
            $uid = $row['id'];
        }

        if (password_verify($pass, $p)) {
            // NOTE(review): the session id is not regenerated before the admin id is
            // stored, and no exit follows the redirect.
            $_SESSION['adminid'] = $uid;
            header('Location: /admin');
        } else {
            // NOTE(review): this message differs from the one above, which tells the
            // client whether the email matched an admin row.
            echo "<h1>Wrong email or password 2</h1>";
        }
    }
}

login.php 的内容:

<?php
require_once('../config.php');
require_once('../php/functions.php');

?>
<!DOCTYPE>
<html lang="eng">
<head>
<meta charset="UTF-8">

<title>Admin Panel</title>

<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="css/style.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js"></script>

</head>

<body>

<?php

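// Login handler: checks the submitted email/password against the admin table and,
// on success, stores the admin id in the session and redirects to the panel.
// NOTE(review): this runs after the HTML head above has been sent, so the redirect
// has the same "headers already sent" problem as index.php; the POST handlers
// belong above the DOCTYPE.
if (isset($_POST['loginBtn'])) {
    // Missing or non-string fields are treated as empty so they simply fail the login.
    $mailInput = (isset($_POST['mail']) && is_string($_POST['mail'])) ? $_POST['mail'] : '';
    $passInput = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // NOTE(review): htmlspecialchars() is an output encoder, not an input filter. It is
    // kept here only because the reset handler applies it before password_hash(), so the
    // two must be changed together. Its default flags changed in PHP 8.1 (single quotes
    // are now encoded), so a password containing ' can stop verifying after an upgrade.
    $email = htmlspecialchars($mailInput);
    $pass = htmlspecialchars($passInput);

    $sql = $conn->prepare('SELECT * FROM admin WHERE email = ?');
    $sql->bind_param('s', $email);
    $sql->execute();
    // get_result() requires the mysqlnd driver; without it this call is the fatal
    // error reported for this file. bind_result()/fetch() work on either driver.
    $result = $sql->get_result();

    // Keeps the values of the last matching row, as before; stays null when no row matched.
    $p = null;
    $uid = null;
    while ($row = $result->fetch_assoc()) {
        $p = $row['password'];
        $uid = $row['id'];
    }

    if (is_string($p) && password_verify($pass, $p)) {
        // Issue a fresh session id at the privilege change so an id known before
        // login cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['adminid'] = $uid;
        header('Location: /admin');
        // End the request; the rest of the page is not meant for this response.
        exit;
    } else {
        // One message for "unknown email" and "wrong password", so the response does
        // not reveal which admin addresses exist.
        echo "<h1>Wrong email or password</h1>";
    }
}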

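// Forgot-password handler: stores a reset code for the matching admin and mails a
// link containing it.
if (isset($_POST['forgotBtn'])) {
    // NOTE(review): randomChars() is defined elsewhere (presumably php/functions.php).
    // The code is a bearer secret - confirm it is drawn from a CSPRNG.
    $code = randomChars(20);
    $mailInput = (isset($_POST['mail']) && is_string($_POST['mail'])) ? $_POST['mail'] : '';
    $email = htmlspecialchars($mailInput);

    $sql = $conn->prepare('SELECT * FROM admin WHERE email = ?');
    $sql->bind_param('s', $email);
    $sql->execute();

    $result = $sql->get_result();

    // Keeps the id of the last matching row; stays null when the email is unknown.
    $uid = null;
    while ($row = $result->fetch_assoc()) {
        $uid = $row['id'];
    }

    if ($uid !== null) {
        // NOTE(review): nothing visible here gives the code an expiry, and it is
        // stored as-is rather than as a hash.
        $sql = $conn->prepare('INSERT INTO resetpass (userID, code) VALUES (?, ?)');
        $sql->bind_param('ss', $uid, $code);
        $sql->execute();

        // NOTE(review): the link is plain http, and depending on web-server configuration
        // SERVER_NAME can reflect the request's Host header; building the link from a
        // configured https base URL avoids mailing a link to a host the requester chose.
        $message = "Your reset link: " . "http://" .$_SERVER['SERVER_NAME'] . '/admin/login?r=' . $code;
        $to = $email;
        $title = "Reset Password";
        if (!sendEmail($to, $message, $title)) {
            // Recorded server-side only; the reset code is deliberately not logged.
            error_log('Password reset email could not be sent');
        }
    }

    // Same response whether or not the address matched, so this form cannot be used
    // to find out which emails belong to admins.
    echo "If that email address is registered, a reset link has been sent";
}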

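// Reset handler: exchanges an unused reset code for a password change on the admin
// the code was issued to.
if (isset($_POST['resetBtn'])) {
    $passInput = (isset($_POST['nPass']) && is_string($_POST['nPass'])) ? $_POST['nPass'] : '';
    $code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';

    // NOTE(review): htmlspecialchars() is kept only so the hash matches what the login
    // handler verifies; both places must change together if it is removed.
    $nPass = htmlspecialchars($passInput);

    // The form's "required" attributes are enforced by the browser only, so empty
    // values are rejected here as well.
    if ($code === '' || $nPass === '') {
        echo "<h1>Error</h1>";
    } else {
        // Accept only codes not yet marked as used; the flag is written below and was
        // never checked before, so a code could be replayed indefinitely.
        // Assumes unused rows hold NULL or a value other than "1" - confirm against
        // the resetpass schema.
        // NOTE(review): nothing visible here limits how long a code stays valid.
        $sql = $conn->prepare('SELECT * FROM resetpass WHERE code = ? AND (used IS NULL OR used <> "1")');
        $sql->bind_param('s', $code);
        $sql->execute();

        $result = $sql->get_result();

        // Keeps the user id of the last matching row; stays null when no row matched.
        $uid = null;
        while ($row = $result->fetch_assoc()) {
            $uid = $row['userID'];
        }

        if ($uid === null) {
            echo "<h1>Error</h1>";
        } else {
            // Burn the code first, then change the password.
            $sql = $conn->prepare('UPDATE resetpass SET used = "1" WHERE code = ?');
            $sql->bind_param('s', $code);
            $sql->execute();

            // Hash only once the code has been accepted.
            $password = password_hash($nPass, PASSWORD_DEFAULT);

            $sql = $conn->prepare('UPDATE admin SET password = ? WHERE id = ?');
            $sql->bind_param('ss', $password, $uid);
            $sql->execute();

            echo "Password changed successfuly, you can now login";
        }
    }
}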




?>

<?php

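// Visitors without an admin session get one of three forms, chosen by the query
// string: ?forgot (request a reset), ?r=<code> (set a new password), or the login
// form. A logged-in admin is sent to the panel instead.
if (!isset($_SESSION['adminid'])) {
    if (isset($_GET['forgot'])) { ?>
    <form action="" method="POST">
        <div class="formularzowyNaglowek">Account Email Address:</div>
        <input type="email" name="mail" placeholder="Email address" required>
        <input type="submit" name="forgotBtn" value="Reset">
    </form> 

<?php } else if (isset($_GET['r'])) {
        // The reset code comes straight from the URL: encode it for the attribute
        // context so a crafted link cannot inject markup into this page.
        $resetCode = is_string($_GET['r']) ? htmlspecialchars($_GET['r'], ENT_QUOTES, 'UTF-8') : '';
?>

    <form action="" method="POST">
        <div class="formularzowyNaglowek">New Password:</div>
        <input type="password" name="nPass" placeholder="New password" required>
        <input type="hidden" name="code" value="<?php echo $resetCode; ?>" required>
        <input type="submit" name="resetBtn" value="Reset">
    </form> 

<?php
    } else { ?>
        <h2 style="text-align: left;">Login to admin panel</h2>
        <form action="" method="POST">
        <div class="formularzowyNaglowek">Email Address:</div>
        <input type="email" name="mail" placeholder="Email address" required>
        <div class="formularzowyNaglowek">Password:</div>
        <input type="password" name="password" placeholder="Password" required>
        <input type="submit" name="loginBtn" value="Login">
        </form> 
        <a href="/admin/login?forgot">Forgot your password?</a>
<?php
    }
} else {
    // NOTE(review): output has already started at this point, so this redirect has the
    // same "headers already sent" problem; the check belongs above the DOCTYPE.
    header('Location: /admin');
    exit;
}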





?>

</body>
</html>

1 个答案:

答案 0 :(得分:0)

当用户未登录时,header('Location: /admin/login'); 这一行会把用户重定向到登录页面。问题在于,一旦页面已经输出了内容(echo 或 HTML),header() 函数就无法再发送标头。因此应把登录检查移到任何输出之前,并在 header() 之后调用 exit(),否则脚本会继续执行并输出后面的页面内容:

<?php
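require_once('../config.php');
require_once('../php/functions.php');

// Start the session only when the included files have not already done so. A second
// session_start() raises a notice, and if notices are displayed that notice is itself
// output that would block the redirect below.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Authorization gate, placed before any output so the Location header can still be sent.
if (!isset($_SESSION['adminid'])) {
    header('Location: /admin/login');
    // End the request here: header() only queues the redirect, and without exit()
    // the admin page below would still be rendered and sent to the visitor.
    exit();
}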

?>
<!DOCTYPE>
<html lang="eng">
<head>
<meta charset="UTF-8">

<title>Admin Panel</title>

<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="admin.css">
<link rel="stylesheet" type="text/css" href="../layout.css">
</head>

<body>

<div id="leftPanel">
<a href="/"><div class="przyciskPanelAdmina">Homepage</div></a>
    <a href="/admin"><div class="przyciskPanelAdmina active">Dashboard</div></a>
    <a href="accounts"><div class="przyciskPanelAdmina">Manage Accounts</div></a>
    <a href="addAccount"><div class="przyciskPanelAdmina">Add Account</div></a>
    <a href="addCategory"><div class="przyciskPanelAdmina">Add Category</div></a>
    <a href="messages"><div class="przyciskPanelAdmina">Messages</div></a>
    <a href="logout"><div class="przyciskPanelAdmina">Logout</div></a>
</div>

<div id="rightPanel">
    <h3>Recent payments</h3>
    <table>
    <tr class='first'>
        <td width='20%'>Account Login</td>
        <td width='20%'>Account Password</td>
        <td width='20%'>Date</td>
        <td width='20%'>Amount</td>
        <td width='20%'>Payment ID</td>
    </tr>
    <?php

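    // Recent payments joined with the account each payment belongs to, newest first.
    // NOTE(review): accounts.password is selected and displayed exactly as stored;
    // confirm what this column holds - login credentials should be kept hashed and
    // never listed on a page.
    $sql = $conn->prepare('SELECT accounts.login AS Login, accounts.password AS Pass, date, amount, paymentID FROM payments INNER JOIN accounts ON payments.accountId=accounts.id order by date DESC');
    $sql->execute();
    // get_result() requires mysqli built on the mysqlnd driver.
    $result = $sql->get_result();

    // Encode every database value for the HTML context, so markup stored in a row
    // is shown as text instead of running in the administrator's browser.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    while ($row = $result->fetch_assoc()) {
        echo "<tr><td width='20%'>" . $esc($row['Login']) . "</td><td width='20%'>" . $esc($row['Pass']) . "</td><td width='20%'>" . $esc($row['date']) . "</td><td width='20%'>" . $esc($row['amount']) . "$</td><td width='20%'>" . $esc($row['paymentID']) . "</td></tr>";
    }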

    ?>
    </table>

    <div class="clear"></div>
</div>
</body>
</html>