我有使用验证码验证的登录表单。我在我的php文件中编写验证时遇到问题,如果验证码输入不正确,验证将会出错。目前,我已经确认如果没有输入验证码,则会显示错误,但是当我输入错误的验证码时,我会继续登录并登录用户。这是我的代码,感谢您的帮助。
login.php
<?php
session_start();
require 'connection.php';
$username_error = "";
$password_error = "";
$captcha_error = "";
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if(isset($_POST['submit']))
{
$v_username = $_POST['username'];
$v_password = $_POST['password'];
$v_captcha = $_POST['captcha'];
function validation($form_data)
{
$form_data = trim(stripcslashes(htmlspecialchars($form_data)) );
return $form_data;
}
$username = validation($v_username);
$password = validation($v_password);
$captcha = validation($v_captcha);
if(empty($username))
{
$username_error = "<p>Please enter your username!</p>";
}
if(empty($password))
{
$password_error = "<p>Please enter your password!</p>";
}
if(empty($captcha))
{
$captcha_error = "<p>Please enter your captcha!</p>";
}
if(!empty($username) && !empty($password) && !empty($captcha)) {
$sql = "SELECT * FROM member_auth WHERE username = :username";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':username', $username);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
//echo "<pre>", var_dump($user), "</pre>"; die("!");
if($user === false){
$username_error = "<p>User doesn't exist</p>";
} else {
$validPassword = crypt($password, $cryptpass);
if($cryptpass = $validPassword){
$_SESSION['username'] = $user['username'];
header('Location: login_success.php');
}
}
}
}
}
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<link rel="stylesheet" href="/login_assets/css/style.css">
<link href="https://fonts.googleapis.com/css?family=Raleway:300,400,500&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/login_assets/css/media.css">
<script src="/login_assets/js/jquery.min.js"></script>
<script src="/login_assets/js/modernizr.custom.js"></script>
</head>
<body>
<header class="clear hBlack">
<div class="jLogo"><a href="/"><img src="/login_assets/images/logo.png" alt=""></a></div>
</header>
<div class="logArea clear">
<form action="login.php" method="post">
<div class="logbox">
<div class="box clear">
<h2>Members Area</h2>
<div class="logTypes">
<input type=text name="username" class="logtextbox" placeholder="Username">
<span class="text-danger"><?php echo $username_error; ?></span>
<input type=password name="password" class="logtextbox" placeholder="Password"><br>
<span class="text-danger"><?php echo $password_error; ?></span>
<input type=text name="captcha" class="logtextbox" placeholder="Enter the code shown below">
<span class="text-danger"><?php echo $captcha_error; ?></span>
<br>
<img style="margin: 0 auto;" src="/img.cptcha">
<div style="text-align: center">Remember my login: <input name="rmb" type=checkbox value=”y”></div>
</div>
</div>
<input type="submit" name="submit" value="submit" class="logBtn">
</div>
</form>
</div>
</div>
<footer class="clear">
<p class="fNav"><a href="/">Home</a><span>|</span>
<a href="/">Log Out</a>
</p>
</p>
</footer>
</body>
</html>