我正在使用AJAX HTTP请求将登录数据传递给我的php登录脚本。传递数据时,php脚本会在错误处理中检查后输入用户名和密码变量为空。我正在使用数据库中的有效登录详细信息。当用户使用password_hash()注册时,密码已经过哈希处理;方法也许这就是问题?
这是登录PHP脚本:
<?php
session_start();
if ( isset( $_POST[ 'submit' ] ) ) {
//Establish DB Connection
include_once 'DBConnection.php';
//Store Username and Password from Login Form
$Username = mysqli_real_escape_string( $conn, $_POST[ 'Username' ] );
$Password = mysqli_real_escape_string( $conn, $_POST[ 'Password' ] );
//Error Handlers
//Check if inputs are empty
if ( empty( $Username ) || empty( $Password ) ) {
header( "Location: ../index.php?login=empty" );
exit();
} else {
$sql = "SELECT * FROM User WHERE Username='" . $Username . "'";
$result = mysqli_query( $conn, $sql );
$resultCheck = mysqli_num_rows( $result );
if ( $resultCheck < 1 ) {
header( "Location: ../index.php?login=error" );
exit();
} else {
if ( $row = mysqli_fetch_assoc( $result ) ) {
//Dehash Password
$hashedPasswordCheck = password_verify( $Password, $row[ 'Password' ] );
if ( $hashedPasswordCheck == false ) {
header( "Location: ../index.php?login=error" );
exit();
} elseif ( $hashedPasswordCheck == true ) {
//Log in user
$_SESSION[ 'u_id' ] = $row[ 'User_ID' ];
$_SESSION[ 'u_first' ] = $row[ 'Forename' ];
$_SESSION[ 'u_last' ] = $row[ 'Surname' ];
$_SESSION[ 'u_email' ] = $row[ 'Email' ];
$_SESSION[ 'u_user' ] = $row[ 'Username' ];
header( "Location: ../index.php?login=success" );
exit();
}
}
}
}
} else {
header( "Location: ../index.php?login=error" );
exit();
}
这是表格代码:
<form class="form" role="form" method="post" action="../Assets/SignIn.php" accept-charset="UTF-8" id="login-nav">
<div class="form-group">
<label class="sr-only" for="exampleInputEmail2">Email Address</label>
<input type="email" class="form-control" id="Username" placeholder="Email Address/Username" required>
</div>
<div class="form-group">
<label class="sr-only" for="exampleInputPassword2">Password</label>
<input type="password" class="form-control" id="Password" placeholder="Password" required>
<div class="help-block text-right"><a href="">Forgot Password?</a>
</div>
</div>
<div class="form-group">
<button type="submit" name="submit" class="btn btn-primary btn-block" onclick="ajax_Login()">Sign in</button>
</div>
<div class="checkbox">
<label>
<input type="checkbox"> keep me logged-in
</label>
</div>
</form>
这是AJAX请求:
function ajax_Login(){
"use strict";
//Create XMLHttpRequest object
var request = new XMLHttpRequest();
//Create variables to store data to be sent to PHP file
var url = "signIn.php";
var uname = document.getElementById("Username").value;
var pword = document.getElementById("Password").value;
var vars = "Username="+uname+"&Password="+pword;
request.open("POST", url, true);
//Set content type header info for sending url encoded variables in the request
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
//Access the onreadystatechange event for XMLHttpRequest object
request.onreadystatechange = function(){
if(request.readyState === 4 && request.status === 200){
var return_data = request.responseText;
document.getElementById("status").innerHTML = return_data;
}
};
//Send data to PHP file
request.send(vars);
}
答案 0 :(得分:-1)
请检查您的提交按钮名称,因为没有设置提交错误
的原因答案 1 :(得分:-1)
当您提交POST方法表单时,它会向服务器发送POST请求,然后设置全局Tree。
让我们来看看你的代码:
您使用$_POST检查是否已提交登录表单。这意味着您必须拥有一个带有isset( $_POST[ 'submit' ] )名称的HTML表单元素(输入,复选框等)。如果不这样做,只需简单地检查submit以查询数据库或继续工作。
isset($_POST)希望这个帮助