我正在使用PHP构建登录表单,我注意到即使使用了错误的用户名和密码,我仍然会登录并定向到主页。实际上,我不必在该字段中键入任何内容,只需单击“提交”按钮,它将自动将我带到我的主页。这不应该发生,我真的需要帮助。请任何人看看我的代码并告诉我问题所在。非常感谢。 //我的login.php文件 好的,我已经更改了代码,结果仍然相同
<?php
session_start();
#first if
if (isset($_POST['submit'])) {
include 'conn.php';
$uid = mysqli_real_escape_string( $conn, $_POST['inpUsername']);
$pwd = mysqli_real_escape_string( $conn, $_POST['inpPassword']);
//Error handerlers
//Check if this input are empty
#second if
if (empty($uid) || empty($pwd)) {
header("Location:login.html?login=empty");
exit();
}/*second else*/ else {
$sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
$result = mysqli_query($conn,$sql);
$resultCheck = mysqli_num_rows($result);
#third if
if ($resultCheck < 1) {
header("Location:login.html?login=error");
exit();
}/*third else*/ else {
#forth if
if ($row = mysqli_fetch_assoc($result)) {
//de-hashing the password
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
#fifth if
if ($hashedPwdCheck == false) {
header("Location:login.html?login=error");
exit();
} /*fifth else*/ elseif ($hashedPwdCheck == true) {
//Log in the user here
$_SESSION['u_id'] = var_dump($row['user_id']);
$_SESSION['u_first'] = var_dump($row['user_first']);
$_SESSION['u_last'] = var_dump($row['user_last']);
$_SESSION['u_email'] = var_dump($row['user_email']);
$_SESSION['u_uid'] = var_dump($row['user_uid']);
//$_SESSION['user_pwd'] = $row['user_password'];
header("Location: ../Salon/Index.php?login=success");
exit();
}
}
}
}
}/*first else*/ else {
header("Location:login.html?login=error");
exit();
}
//我的login.html表单
<?php
session_start();
//ini_set('display errors', 1);
//$monthname = strtolower(date('M'));
//include 'conn.php';
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title> Login</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<link href="../assets/bootstrap.css" rel="stylesheet" />
<script src="../assets/bootstrap.js"></script>
<link href="../assets/site.css" rel="stylesheet" />
</head>
<body>
<form action="login.php" method="POST">
<div id="msgPage" class="alert alert-info margin-10" role="alert">
Please enter your information to log in.
<div class="form-group">
<label for="exampleInputEmail1">Username</label>
<input type="text" class="form-control" name="inpUsername" placeholder="Enter name">
</div>
<div class="form-group">
<label for="inpPassword">Password</label>
<input type="password" class="form-control" name="inpPassword" placeholder="Enter password">
</div>
<button type="submit" name="submit" class= "btn btn-primary">Login</button>
</div>
</form>
</body>
</html>
//我的连接页面
<?php
$servername = "localhost";
$username = "forum";
$password = "12345";
$dbname = "discussion_forum";
//$table = "users";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>
答案 0 :(得分:0)
所有链接都将您带到索引,只需将login $_GET变量设置为error或success。尽管您可以使用$_GET['login']进行一些客户端显示更改(某些情况下,请勿使用$_GET进行登录验证),但这可能不是预期的行为。
在“安全”页面上,您要做的是检查是否设置了您定义的$_SESSION变量。如果是,则显示安全内容。如果不是,则可以显示错误消息或重定向回登录名:
<?php
session_start();
if (isset($_SESSION['u_id'])) {
echo "Secure content";
}
else {
header("Location: login.html");
}
请注意,在您的示例中,“安全”页面是一个.html文件(/Salon/Index.html),这意味着您将无法在其中执行任何PHP代码。您需要将其更改为.php扩展名,然后更新所有链接以引用此扩展名:
header("Location: ../Salon/Index.php?login=error");
header("Location: ../Salon/Index.php?login=success");