输入正确的凭据后,我总是一次又一次地重定向到 login.php 。当我输入写密码时,我需要被重定向到 insert_package.php 。当我进入
本地主机/ myproject的/ insert_package.php
在URL中然后它会自动将我重定向到登录页面,但是输入写入密码不允许我输入 insert_package.php 。
的login.php
<?php
// Include config file
require_once '../config.php';
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = 'Please enter username.';
} else{
$username = trim($_POST["username"]);
}
// Check if password is empty
if(empty(trim($_POST['password']))){
$password_err = 'Please enter your password.';
} else{
$password = trim($_POST['password']);
}
// Validate credentials
if(empty($username_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT username, password FROM users WHERE username = ?";
if($stmt = mysqli_prepare($conn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
/* Password is correct, so start a new session and
save the username to the session */
session_start();
$_SESSION['username'] = $username;
header("location: insert_package.php");
} else{
// Display an error message if password is not valid
$password_err = 'The password you entered was not valid.';
}
}
} else{
// Display an error message if username doesn't exist
$username_err = 'No account found with that username.';
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($conn);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
body{ font: 14px sans-serif; }
.wrapper{ width: 350px; padding: 20px; }
</style>
</head>
<body>
<div class="wrapper">
<h2>Login</h2>
<p>Please fill in your credentials to login.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username</label>
<input type="text" name="username"class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password</label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
<p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
</form>
</div>
</body>
</html>
insert_package.php
<?php
// Initialize the session
session_start();
// If session variable is not set it will redirect to login page
if(!isset($_SESSION['username']) || empty($_SESSION['username'])){
header("location: login.php");
exit;
}
?>
<?php
include('sidebar.php');?>
<html>
<head>
<title >INSERT PACKAGE</title>
</head>
<body>
<br />
<table cellpadding="50" border='1' align="center">
<form action="insert.php" method="post" name="file" enctype="multipart/form-data" autocomplete="off" ><br />
<tr>
<td>Package Name</td>
<td><input type="text" name="pname" /></td>
</tr>
<tr>
<td>Image</td>
<td><input type="file" name="fimage" /></td>
</tr>
<tr>
<td >
<input type="submit" name="submit" value="INSERT" />
<input type="submit" name="submit2" value="VIEW" />
<input type="submit" name="submit3" value="DELETE" /></td>
</tr>
</form>
</body>
</html>
答案 0 :(得分:0)
数据库中的哈希密码与密码不匹配。你应该做这样的事情
Register.php
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js">
</script>
<table>
<tr>
<td>
<div class="dropdown">
<button onclick="myFunction(event)" class="dropbtn">Dropdown</button>
<div id="myDropdown" class="dropdown-content">
<a href="#">Link 1</a>
<a href="#">Link 2</a>
<a href="#">Link 3</a>
</div>
</div>
</td>
<td>
<div class="dropdown2">
<button onclick="myFunction2(event)" class="dropbtn2">Dropdown2</button>
<div id="myDropdown2" class="dropdown-content2">
<a href="#">Link 4</a>
<a href="#">Link 5</a>
<a href="#">Link 6</a>
</div>
</div>
</td>
<td>
<div class="dropdown3">
<button onclick="myFunction3(event)" class="dropbtn3">Dropdown3</button>
<div id="myDropdown3" class="dropdown-content3">
<a href="#">Link 7</a>
<a href="#">Link 8</a>
<a href="#">Link 9</a>
</div>
</div>
</td>
</tr>
</table>
</body>
</html>的login.php
// Hash a new password for storing in the database.
function saveUser($username, $password) {
$hashPassword = password_hash($password, PASSWORD_BCRYPT);
// save $username and $hashPassword to db with insert into...
}