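I am building a dynamic PHP page with MySQL and user login. I recently changed the login to jQuery/AJAX to make it smoother, without losing the page the user is currently on. The thing is, when I enter the wrong login credentials, it does not show a message the way I want it to. How can I make the jQuery/AJAX login return a "wrong credentials" error?
Here is my form: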
```html
<form id="ajax-login-form" action="session/login.php" method="post" role="form" autocomplete="off">
    <div class="form-group">
        <label for="username">Login</label>
        <input type="text" name="u" id="username" tabindex="1" class="form-control" placeholder="Log in" value="" autocomplete="off">
    </div>
    <div class="form-group">
        <label for="password">Password</label>
        <input type="password" name="p" id="password" tabindex="2" class="form-control" placeholder="Password" autocomplete="off">
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col-xs-5 pull-right">
                <input type="submit" name="login-submit" id="login-submit" tabindex="4" class="form-control btn btn-success" value="Log In">
            </div>
        </div>
    </div>
</form>
```
My jQuery/AJAX:
```javascript
$(document).ready(function() {
    //From insert
    $("#login-submit").click(function() {
        var $form = $('#ajax-login-form');
        $form.submit(false);
        $.post($form.attr("action"), $form.serializeArray(), function (info) {
            $("#result").html(info)
        })
        location.reload();
    });
});
```
And finally my PHP code:
```php
<?php
session_start();
$lig = mysql_connect("localhost", "root","") or
    die ("Problema na ligação ao servidor MYSQL");
mysql_select_db("demo", $lig);
$u=$_REQUEST['u'];
$p=$_REQUEST['p'];
$sql="select numuti,nome,nomeutilizador,codtipo,reset from utilizadores where nomeutilizador='$u' and password=md5('$p')";
$res=mysql_query($sql);
if (mysql_num_rows($res) == 1)
{
    $lin = mysql_fetch_array($res, MYSQL_ASSOC);
    $_SESSION['user'] = $lin['nomeutilizador'];
    $_SESSION['nivel'] = $lin['codtipo'];
    $_SESSION['reset'] = $lin['reset'];
    //$_SESSION['foto'] = $lin['imagem'];
    $_SESSION['nome'] = $lin['nome'];
    $_SESSION['cod']= $lin['numuti'];
}else{
    echo "<div class='alert alert-danger'>
<strong><center>Login Inválido, Tente Novamente</center></strong>
</div>";
}
?>
```
This may be a duplicate question, but I could not find a solid answer for my problem. I tried to produce the error using a div, as you can see in the login.php page.

Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters, as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php).

MD5 is not sufficient for password hashing. Use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php).

Do not use the `mysql_*` functions. They have been deprecated since v5.5 (June 2013) and removed since v7.0 (December 2015). Instead use [**`mysqli_*`**](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php).
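
What the three comments above ask for, applied to the login.php from the question, as an added example that is not part of the original thread or the asker's code. Table and column names are taken from the question; the DSN, the `app_user` account, the `check_login()` helper, the JSON reply shape and the `password` column holding `password_hash()` output are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's code. Table/column names come from the question;
// DSN, DB account and a `password` column holding password_hash() output are assumed.

function check_login(PDO $pdo, string $username, string $password): ?array
{
    // The user name travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT numuti, nome, nomeutilizador, codtipo, reset, password
           FROM utilizadores WHERE nomeutilizador = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() re-hashes the candidate with the salt and cost stored in the hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not carry the hash into the session
    return $row;
}

session_start();
$pdo = new PDO('mysql:host=localhost;dbname=demo;charset=utf8mb4', 'app_user', 'CHANGE_ME', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Accept credentials from the POST body only, and only as strings.
$u = is_string($_POST['u'] ?? null) ? $_POST['u'] : '';
$p = is_string($_POST['p'] ?? null) ? $_POST['p'] : '';
$user = check_login($pdo, $u, $p);

header('Content-Type: application/json');
if ($user === null) {
    // One generic answer for "unknown user" and "wrong password".
    http_response_code(401);
    echo json_encode(['ok' => false, 'error' => 'Invalid login']);
    exit;
}

session_regenerate_id(true); // fresh session id once the user is authenticated
$_SESSION['user']  = $user['nomeutilizador'];
$_SESSION['nivel'] = $user['codtipo'];
$_SESSION['reset'] = $user['reset'];
$_SESSION['nome']  = $user['nome'];
$_SESSION['cod']   = $user['numuti'];
echo json_encode(['ok' => true]);
```

Existing MD5 values cannot be verified with `password_verify()`, so stored passwords have to be re-hashed with `password_hash()` (for example at each user's next successful login or through a reset) before this version is deployed.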