我有一个登录表单,如果用户名和密码均正确,则可以成功登录网站上的用户。但是,如果这些凭证中的任何一个有误或为空,它会将我重定向到空白页custom_functions.php。它不验证我的用户名和密码,应该验证。任何帮助表示赞赏。这是我的代码。
login.php
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Welcome to Love Her Feet</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/login_assets/css/style.css">
<link href="https://fonts.googleapis.com/css?family=Raleway:300,400,500&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/login_assets/css/media.css">
<script src="/login_assets/js/jquery.min.js"></script>
<script src="/login_assets/js/modernizr.custom.js"></script>
</head>
<body>
<header class="clear hBlack">
<div class="jLogo"><a href="/"><img src="/login_assets/images/logo.png" alt=""></a></div>
</header>
<div class="logArea clear">
<form action="custom_functions.php" method="post" enctype="application/x-www-form-urlencoded">
<div class="logbox">
<div class="box clear">
<h2>Members Area</h2>
<div class="logTypes">
<input type="text" name="username" class="logtextbox" placeholder="Username or email">
<span class="text-danger"><?php echo $username_error; ?></span>
<input type="password" name="password" class="logtextbox" placeholder="Password"><br>
<span class="text-danger"><?php echo $password_error; ?></span>
<!-- <input type="text" name="captcha" class="logtextbox" placeholder="Enter the code shown below"><br>
<img style="margin: 0 auto;" src="captcha.php">
<span class="text-danger"><?php echo $captcha_error; ?></span> -->
<div style="text-align: center">Remember my login: <input name="remember" type="checkbox"></div>
</div>
</div>
<input type="submit" value="submit" class="logBtn" name="submit">
</div>
</form>
<div class="logtext1">
</div>
<div class="logtext2">
</div>
</div>
</div>
<footer class="clear">
<p class="fNav"><a href="/">Home</a><span>|</span>
<a href="/">Log Out</a>
</p>
</footer>
</body>
</html>
custom_functions.php
<?php
function validation($form_data)
{
$form_data = trim(stripcslashes(htmlspecialchars($form_data)) );
return $form_data;
}
if ($_SERVER['REQUEST_METHOD'] == "POST"){
if(isset($_POST["submit"])) {
login_function();
}
}
function login_function() {
session_start();
require 'connection.php';
$username_error = "";
$password_error = "";
$v_username = $_POST['username'];
$v_password = $_POST['password'];
$username = validation($v_username);
$password = validation($v_password);
$remember = isset($_POST['remember']);
if(empty($username))
{
$username_error = "<p>Please enter your username!</p>";
}
if(empty($password))
{
$password_error = "<p>Please enter your password!</p>";
}
if(!empty($username) && !empty($password)) {
$sql = "SELECT * FROM member_auth WHERE username = :username";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':username', $username);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
$cryptpass = $user['cryptpass'];
if($user === false){
$username_error = "<p>User doesn't exist</p>";
} elseif($user) {
$newPass = crypt($password, $cryptpass);
if($cryptpass == $newPass) {
$_SESSION['loggedin'] = TRUE;
$_SESSION['username'] = $username;
if($remember == "on") {
setcookie("remember", $username, time()+3600);
}
header('Location: login_success.php');
} else {
$password_error = "<p>Password is not correct!</p>";
}
}
}
}
?>
login_success.php
<?php
session_start();
if(isset($_SESSION["loggedin"]) || $_COOKIE["remember"]) {
echo "Welcome, {$_SESSION["username"]} <br>";
echo "<a href='logout.php'>Logout</a>";
} else {
header("Location: login.php");
}