我有一个登录表单执行以下操作:
如果没有在用户名/密码表单中输入任何内容,它会重定向到具有敏感mysql数据的页面...如何添加一条向用户大喊大叫信息的php消息?
if ($numrows != 0)
{
$user = mysql_fetch_assoc($query);
echo "Welcome,".$username. "you are being directed to the <a href=\"page.php\">.</a>";
$_SESSION['username']= $user['username'];
}
else
{
echo ("please reenter your username and password. If you don't have those, please <a href=\".php\">register.</a>");
}
答案 0 :(得分:2)
如何添加一条对用户大喊大叫的php消息 信息?
这样的事情:
if( !isset( $_POST['username'] ) && !isset( $_POST['password'] ) ){
// This won't show if you use a header redirect
echo "YOU MUST ENTER A LOGIN";
exit; // Halt execution if necessary
}
如果需要,为empty()添加一些检查。
或者,如果您正在使用会话/ cookie和某种User对象,请执行此操作:
if( $user == null || !$user->isConnected() ){
// This won't show if you use a header redirect
echo "YOU MUST ENTER A LOGIN";
exit; // Halt execution if necessary
}
P.S:echo和exit可以合并为:
die("YOU MUST ENTER A LOGIN");
答案 1 :(得分:1)
使用php标头功能将用户重定向到您想要的任何页面。您可以将它们发送回登录页面或新页面。
<击> http://www.w3schools.com/php/func_http_header.asp
http://php.net/manual/en/function.header.php
header('Location: http://www.example.com/');
您需要检查输入的表单值是否可以接受。因此,请检查它们是否存在于您的代码中,然后根据它将它们发送到适当的位置。
答案 2 :(得分:1)
利用现有会话来保存您的错误。
<?php
session_start();
$continue=true;
if(isset($_POST)){
if(empty($_POST['username']) || strlen($_POST['username']) < 3){
$_SESSION['error']['username']='You must fill in your username';
$continue=false;
}
/*or if you use email as username
if(empty($_POST['username']) || filter_var($_POST['username'], FILTER_VALIDATE_URL)==false){
$_SESSION['error']['username']='You must fill in your username';
$continue=false;
}*/
if(empty($_POST['password'])){
$_SESSION['error']['password']='You must fill in your password';
$continue=false;
}
}else{
$_SESSION['error']['nopost']='You must fill out the form';
$continue=false;
}
if($continue===false){
header('location: ./login.php');
die();
}
//do all the connect stuff...
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$sql = "SELECT * FROM members WHERE username='$username' && password='$password' LIMIT 1";
if (mysql_num_rows(mysql_query($sql)==1)) {
//log them in
$_SESSION['loggedin']=true;
header('location: ./members.php');
//or whatever
/*
members.php would have a check for `$_SESSION['loggedin']==true` at the top
else redirect them to login.php with another header()
*/
}else{
$_SESSION['error']['username']='Wrong username or password';
$_SESSION['loggedin']=false;
header('location: ./index.php');
}
die();
?>
答案 3 :(得分:0)
你可以这样做:
if(isset($_POST['button_name'])) {
if(isset($_POST['username']) && $_POST['username'] != "") {
if(isset($_POST['password']) && $_POST['password'] != "") {
//Your code here
} else {
echo "You need to enter your password.";
}
} else {
echo "You need to enter your username.";
}
}
您需要添加提交表单的按钮的名称以及用户名和密码字段的名称。回声只是一个建议,你总是可以做其他事情。
答案 4 :(得分:0)
检查访问者是否在任何数据库查询之前按下了提交按钮:
login.php
<?php
if (!isset($_POST['Submit'])) {
// No input, redirect to login.php with error code 1
header("Location: index.php?error=1");
}
else{
// There is inout
$username = $_POST['username'];
$password = $_POST['password'];
// Account for typecase here if necessary
$sql = "SELECT * FROM members WHERE username = '$username' AND password = '$password'";
if (mysql_num_rows(mysql_query($sql))) {
// User is authenticated, redirect to private page
header("Location: private.php");
}
else {
// Wrong input, redirect to login.php with error code 2
header("Location: index.php?error=2");
}
}
?>
index.php
<?php
$errors[1] = 'Please type your usename and password';
$errors[2] = 'please verify your username and password';
?>
<form method="post" action="login.php">
<p>
<?php
if(isset($_GET['error']) && isset($errors[$_GET['error']]))
echo $errors[$_GET['error']], '</br>';
?>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="username" /><br />
<input type="submit" name="submit" value="Let me in"/>
</p>
</form>