javascript - 使用JS / PHP验证登录表单 - Thinbug

使用JS / PHP验证登录表单

时间：2018-02-10 22:26:01

标签： javascript php ajax authentication login

我希望能够将用户发送到限制区域或返回一些显示Email and or password do not exist或类似内容的文字。无论email和password是否正确 NOTHING ，我都无法解决此问题。我将表单发送到运行此脚本的index页面。不知道为什么我没有重定向或出现任何错误。

受限制的网页会检查$_SESSION变量isset()是否为loginBtn.addEventListener('click', e => { e.preventDefault(); ajaxRequests.login(`login_email=${ loginEmail.value }&login_password=${ loginPassword.value }`); });，然后将其发回国内。

JS

login(formData) {
  return new Promise((resolve, reject) => {
    this.xhr.open('POST', '//localhost/mouthblog/', true);
    this.xhr.send(formData);

    this.xhr.onload = () => {
      if (this.xhr.status == 200) {
        resolve();
      } else {
        reject(this.xhr.statusText);
      }
    };

    this.xhr.onerror = () => {
      reject(this.xhr.statusText);
    };
  });
}

ajaxRequests.login（）

  if (isset($_POST['login_email']) && isset($_POST['login_password'])) {
    $email = htmlentities($_POST['login_email'], ENT_QUOTES, 'ISO-8859-15');
    $password = htmlentities($_POST['login_password'], ENT_QUOTES, 'ISO-8859-15');
    $login = new Login($email, $password);

    unset($login);
  }

这是在发送表单时应该运行的脚本

$_SESSION

检查有效的`session_start(); if (!isset($_SESSION['id']) || !isset($_SESSION['name']) || !isset($_SESSION['email'])) { header('Location: index.php'); }` vars

class Login extends Connection {
  public function __construct($email, $password) {
    $this->connect();

    $sql = "SELECT `id`, `name`, `email`, `password` FROM `users` WHERE `email`=:email";
    $query = $this->connect()->prepare($sql);
    $result = $query->execute(
      [
        ':email' => htmlentities($email, ENT_QUOTES, 'ISO-8859-15'),
      ]
    );

    // check if EMAIL exists
    if ($result) {
      $row             = $query->fetch(PDO::FETCH_OBJ);
      $id              = htmlentities($row->id, ENT_QUOTES, 'ISO-8859-15');
      $name            = htmlentities($row->name, ENT_QUOTES, 'ISO-8859-15');
      $email           = htmlentities($row->email, ENT_QUOTES, 'ISO-8859-15');
      $hashed_password = htmlentities($row->password, ENT_QUOTES, 'ISO-8859-15');

      // check if user input PASSWORD matches the unhashed PASSWORD in the database
      if (password_verify($password, $hashed_password)) {
        $_SESSION['id']    = htmlentities($id, ENT_QUOTES, 'ISO-8859-15');
        $_SESSION['name']  = htmlentities($name, ENT_QUOTES, 'ISO-8859-15');
        $_SESSION['email'] = htmlentities($email, ENT_QUOTES, 'ISO-8859-15');

        header('Location: blog_roll.php');
      } else {
        header('Location: index.php');
      }
    } else {
      echo 'THAT EMAIL ADDRESS DOES NOT EXIST';
    }
  }
}

登录查询（只需要它）

DB::getPdo()->lastInsertId();

// insert a user and get the record it
DB::transaction(function () { 
    $user = User::insert($save_data);
    $lastID = DB::getPdo()->lastInsertId();
});

1 个答案:

答案 0 :(得分：1)

您必须为ajax请求设置内容类型

this.xhr.open('POST', '//localhost/mouthblog/', true);
this.xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
this.xhr.send(formData);