-1
我有一个CSS弹出窗口,显示一个登录表单。当我尝试登录时,只是重新加载页面,弹出窗口再次出现。CSS popup登录表单和PHP登录脚本
下面是打开弹出
<a href="#login_form" class="btn signInBtn">Sign In</a>
链接这里是我的弹出登录表单的HTML。
<a href="#x" class="overlay" id="login_form"></a>
<div class="popup">
<h2 class="modal-header">Sign In</h2>
<div class="modal-body">
<form class="signIn-form">
<div class="errorMessage alert alert-error" id="errorMsg">
<h4>Whoops</h4>
<p>
<?php echo $errorMsg; ?>
</p>
</div>
<fieldset class="l-formMain">
<ul>
<li>
<label class="applyForm-label" for="email">Email</label>
<input class="applyForm-input required" type="email" id="login_email" placeholder="[email protected]" tabindex="1" />
</li>
<li>
<label class="applyForm-label" for="password">Password</label>
<input class="applyForm-input required" type="password" id="login_password" tabindex="2" />
<span class="forgotPassLi">
<a href="#forgotpass" class="v-secondary" style="position:relative; left:-150px;">Forgot your Password?</a>
</span>
</li>
</ul>
</fieldset>
<div class="modal-buttonHolder">
<input type="submit" class="btn btn-large" id="login" value="Sign In" tabindex="3" />
</div>
</form>
</div>
<a href="#close" class="modal-closeBtn">×</a>
</div>
这是我的PHP:
if(isset($_POST['login'])){
$login_email = $_POST['login_email'];
$login_password = $_POST['login_password'];
// error handling conditional checks go here
if ((!$login_email) || (!$login_password)) {
$errorMsg = 'Please fill in both fields';
} else { // Error handling is complete so process the info if no errors
include 'scripts/connect_to_mysql.php'; // Connect to the database
$email = mysql_real_escape_string($login_email); // After we connect, we secure the string before adding to query
$pass = md5($login_password); // Add MD5 Hash to the password variable they supplied after filtering it
// Make the SQL query
$sql = "SELECT * FROM members WHERE email='$email' AND password='$password' AND email_activated='1'";
$result = mysql_query($sql);
if($result){
$login_check = mysql_num_rows($result);
}
// If login check number is greater than 0 (meaning they do exist and are activated)
if($login_check > 0){
while($row = mysql_fetch_array($result)){
$id = $row["ID"];
$_SESSION['ID'] = $id;
// Create the idx session var
$_SESSION['idx'] = base64_encode("xxxxxxxxxxxxxxxxxxx$id");
// Create session var for their username
$email = $row["email"];
$_SESSION['email'] = $email;
$_SESSION['userId'] = $row["ID"];
mysql_query("UPDATE members SET last_log_date=now() WHERE ID='$id' LIMIT 1");
} // close while
// All good they are logged in, send them to homepage then exit script
if (isset($_SESSION["email"]) || count($_SESSION["email"]) > 0) {
header("Location: http://localhost/dashboard.php");
}
} else { // Run this code if login_check is equal to 0 meaning they do not exist
$errorMsg = "Either the email or password (or both) are incorrect. Make sure that you've typed them correctly and try again";
}
}// Close else after error checks
}
?>
尝试设置表单的页面的动作,而不在URL中#login_form(我猜这个节目的时提交表单) – TommyBs 2013-03-18 12:54:56
尽管你可以使用$ _REQUEST而不是$ _POST,你应该考虑使用预处理语句或者至少一个mysql_escape_string($ email),并且使用$ password来避免sql注入 – ITroubs 2013-03-18 12:56:15
@ITroubs你说的对,它是这不是一个关于安全性的好例子。我编辑了剧本来迎合这一点。 – Janatan 2013-03-18 14:07:37