Logged in, but the login-failed error is still displayed

Time: 2019-01-09 21:23:42

Tags: php session

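I am building a registration/login system and have run into a problem. I have done the error handling and everything works, except that when I try to log in with a wrong password it shows the error: wrong password. Then I enter the correct details again, and it refreshes the page and shows the same error, but I am actually logged in from the second attempt; I only need to go to the home page or refresh the site. How can I avoid this? I mean, if someone enters wrong details the error is shown, and then if they enter the correct details the second time, it should log them in and redirect to the profile, instead of still showing the same error even though they logged in successfully. Is the error message getting stuck? My complete login.php code is here: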

<?php
include_once "includes/functions.php";
include_once "includes/connection.php";
?>

<?php
if(isset($_SESSION['author_role'])) {
  header("Location: index.php");
  exit(); // stop rendering the login page once the redirect is sent
}
 ?>
<!DOCTYPE html>
<html lang="en" dir="ltr">
  <head>
    <meta charset="utf-8">
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <link href="css/custom.css" rel="stylesheet">
    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.6/umd/popper.min.js" integrity="sha384-wHAiFfRlMFy6i5SRaxvfOCifBUQy1xHdJ/yoi7FRNXMRBu5WHdZYu1hA6ZOblgut" crossorigin="anonymous"></script>
    <script src="js/bootstrap.min.js"></script>
    <title>Sign In</title>
  </head>
  <body>

    <!-- NAVIGATION BAR -->
    <?php include_once "includes/nav.php"; ?>
    <!-- NAVIGATION BAR ENDS -->
<div class="login-form">
    <?php

    if(isset($_GET['error'])) {
      if($_GET['error'] == "emptyfields") {
        echo '<div class="alert alert-danger alert-dismissible fade show" role="alert">
          Empty fields!
          <button type="button" class="close" data-dismiss="alert" aria-label="Close">
          <span aria-hidden="true">&times;</span>
          </button>
        </div>';
      } else if ($_GET['error'] == "email") {
        echo '<div class="alert alert-danger alert-dismissible fade show" role="alert">
          Enter valid email!
          <button type="button" class="close" data-dismiss="alert" aria-label="Close">
          <span aria-hidden="true">&times;</span>
          </button>
        </div>';
      } else if ($_GET['error'] == "exist") {
        echo '<div class="alert alert-danger alert-dismissible fade show" role="alert">
          Password can contain 5-20 letters!
          <button type="button" class="close" data-dismiss="alert" aria-label="Close">
          <span aria-hidden="true">&times;</span>
          </button>
        </div>';
      } else if ($_GET['error'] == "error") {
        echo '<div class="alert alert-danger alert-dismissible fade show" role="alert">
          Login failed!
          <button type="button" class="close" data-dismiss="alert" aria-label="Close">
          <span aria-hidden="true">&times;</span>
          </button>
        </div>';
      } 
    }


     ?>

       <form method="post" class="form-signin">
         <div class="form-group">
           Email address
           <input type="email" name="author_email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
           <small id="emailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small>
         </div>
         <div class="form-group">
           Password
           <input type="password" name="author_password" id="inputPassword" class="form-control" placeholder="Password" required>
         </div>
         <div class="form-group form-check">
           <input type="checkbox" class="form-check-input" id="exampleCheck1">
           Check me out
         </div>
         <button type="submit" name="signup" class="btn btn-primary">Submit</button>
       </form>
</div>

  <?php

  if(isset($_POST['signup'])) {
    $author_email = mysqli_real_escape_string($conn, $_POST['author_email']);
    // The password is never placed in SQL; verify it exactly as typed
    $author_password = $_POST['author_password'];

    // Checking for empty fields
    if(empty($author_email) OR empty($author_password)) {
      header("Location: login.php?error=emptyfields");
      exit();
    }

    // Checking for validity of Email
    if(!filter_var($author_email, FILTER_VALIDATE_EMAIL)) {
      header("Location: login.php?error=email");
      exit();
    } else {
    // If email exists
    $sql = "SELECT * FROM `author` WHERE `author_email`='$author_email'";
    $result = mysqli_query($conn, $sql);
    if(mysqli_num_rows($result) <= 0) {
      header("Location: login.php?error=error");
      exit();
    } else {
      while($row = mysqli_fetch_assoc($result)) {
    // Checking if password matches
    if(!password_verify($author_password, $row['author_password'])) {
      header("Location: login.php?error=error");
      exit();
    } else if(password_verify($author_password, $row['author_password'])) {
      $_SESSION['author_id'] = $row['author_id'];
      $_SESSION['author_name'] = $row['author_name'];
      $_SESSION['author_email'] = $row['author_email'];
      $_SESSION['author_bio'] = $row['author_bio'];
      $_SESSION['author_role'] = $row['author_role'];
      header("Location: panel/index.php");
      exit();
    }
              }
          }
      }
  }

   ?>

  </body>
</html>

0 answers:

No answers
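
As an added example (not the poster's code and not from an answer), one way to decide the redirect before any HTML is sent, so that the banner driven by `$_GET['error']` appears only after a failed attempt. `resolve_login()`, `$lookup` and the sample author row are hypothetical and constructed for illustration.

```php
<?php
// Added example, not the poster's code. resolve_login() and $lookup are hypothetical.
function resolve_login(array $post, callable $lookup): array
{
    $email = trim($post['author_email'] ?? '');
    $password = $post['author_password'] ?? ''; // verified as typed, never escaped

    if ($email === '' || $password === '') {
        return ['login.php?error=emptyfields', null];
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return ['login.php?error=email', null];
    }
    $row = $lookup($email);
    // One generic error for unknown e-mail and wrong password, as in the question.
    if ($row === null || !password_verify($password, $row['author_password'])) {
        return ['login.php?error=error', null];
    }
    unset($row['author_password']); // keep the hash out of the session
    return ['panel/index.php', $row];
}

// Constructed sample row standing in for the `author` table; a real page
// would fetch it with a prepared statement instead.
$authors = ['a@example.com' => [
    'author_id' => 1, 'author_role' => 'admin',
    'author_password' => password_hash('s3cret-pass', PASSWORD_DEFAULT),
]];
$lookup = fn(string $email) => $authors[$email] ?? null;

if (PHP_SAPI === 'cli') {
    // Constructed input: a wrong password, then the correct one.
    foreach (['nope', 's3cret-pass'] as $pw) {
        $post = ['author_email' => 'a@example.com', 'author_password' => $pw];
        echo resolve_login($post, $lookup)[0], "\n";
    }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Runs above <!DOCTYPE html>, so header() is sent before any output.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    [$location, $author] = resolve_login($_POST, $lookup);
    if ($author !== null) {
        session_regenerate_id(true); // fresh session id at login
        $_SESSION = array_merge($_SESSION, $author);
    }
    header("Location: $location"); // fixed targets only, no user input
    exit();
}
```

With this layout the form would also carry an explicit `action="login.php"`, since a form without `action` posts back to the current URL, `?error=...` included.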