1. 首页
  2. 问答
  3. PHP登录表单错误

PHP登录表单错误

2015-02-24 289 views
1

这是事情: 我创建了一个登录表单,检查用户是管理员还是成员 ,然后将其重定向到正确的页面。 它运作良好。PHP登录表单错误

当用户输入不正确的用户并通过 登录页面进入某种循环时,问题就开始了。

我做错了什么?

感谢你的帮助 的login.php:

<?php 
session_start(); // Starting Session 
$error=''; // Variable To Store Error Message 
if (isset($_POST['submit'])) { 
if (empty($_POST['username']) || empty($_POST['password'])) { 
$error = "חלק מהנתונים שסופקו, שגויים."; 
} 
else 
{ 
// Define $username and $password 
$username=$_POST['username']; 
$password=$_POST['password']; 
// Establishing Connection with Server by passing server_name, user_id and password as a parameter 
include "config.php"; 
// To protect MySQL injection for Security purpose 
$username = stripslashes($username); 
$password = stripslashes($password); 
$username = mysql_real_escape_string($username); 
$password = mysql_real_escape_string($password); 
// Selecting Database 
$tbl_name="users"; 
//$db = mysql_select_db($tbl_name, $conn); 
// SQL query to fetch information of registerd users and finds user match. 
$query = mysql_query("select * from $tbl_name where userpassword='$password' AND username='$username'", $conn); 
$rows = mysql_num_rows($query); 
$dbdata = mysql_fetch_array($query) or die(mysql_error()); 

if ($rows == 1) { 
$flag = $dbdata['admin']; 
if ($flag == 1) { 
$_SESSION['login_user']=$username; // Initializing Session 
header("location: index.php"); // Redirecting To Other Page 
} elseif($flag == 0){ 
$_SESSION['login_user']=$username; // Initializing Session 
header("location: user.php"); // Redirecting To Other Page 
} else{ 
session_destroy(); 
header("location: errorlog.php"); 
}} 
mysql_close($conn); // Closing Connection 
}} 
?> 
<!DOCTYPE html> 
<html dir="rtl" lang="he"> 
<head> 
<title>המסלקה| כניסת סוכנים</title> 
<link href="../css/adminstyle.css" rel="stylesheet" type="text/css"> 
<link href="login.css" rel="stylesheet" type="text/css"> 
</head> 
<body> 
<div id="main"> 
<h1>ברוכים הבאים</h1> 
<div id="login"> 
<h2>מלא טופס זה על מנת להיכנס</h2> 
<form action="" method="post"> 
<label>שם משתמש :</label> 
<input id="name" name="username" placeholder="באותיות ומספרים" type="text"> 
<label>סיסמה :</label> 
<input id="password" name="password" placeholder="**********" type="password"> 
<input name="submit" type="submit" value=" התחבר "> 
<span><?php echo $error; ?></span> 
</form> 
</div> 
</div> 
</body> 
</html>

来源

2015-02-24 Phoenix Harmony

+0

什么问题开始了?我们需要更好地描述你的问题。 – mccainz 2015-02-24 14:17:46

+0

在浏览器开发者视图(Firefox其他Chrome浏览器)中运行它,查看网络面板以及浏览器看到/做什么? – simbo1905 2015-02-24 14:20:10

回答

1

尝试使用后的头函数退出,因为重定向后没有退出,脚本会继续执行:

<?php 
session_start(); // Starting Session 
$error=''; // Variable To Store Error Message 
if (isset($_POST['submit'])) { 
if (empty($_POST['username']) || empty($_POST['password'])) { 
$error = "חלק מהנתונים שסופקו, שגויים."; 
} 
else 
{ 
// Define $username and $password 
$username=$_POST['username']; 
$password=$_POST['password']; 
// Establishing Connection with Server by passing server_name, user_id and password as a parameter 
include "config.php"; 
// To protect MySQL injection for Security purpose 
$username = stripslashes($username); 
$password = stripslashes($password); 
$username = mysql_real_escape_string($username); 
$password = mysql_real_escape_string($password); 
// Selecting Database 
$tbl_name="users"; 
//$db = mysql_select_db($tbl_name, $conn); 
// SQL query to fetch information of registerd users and finds user match. 
$query = mysql_query("select * from $tbl_name where userpassword='$password' AND username='$username'", $conn); 
$rows = mysql_num_rows($query); 
$dbdata = mysql_fetch_array($query) or die(mysql_error()); 

if ($rows == 1) { 
$flag = $dbdata['admin']; 
if ($flag == 1) { 
$_SESSION['login_user']=$username; // Initializing Session 
header("location: index.php");exit; // Redirecting To Other Page 
} elseif($flag == 0){ 
$_SESSION['login_user']=$username; // Initializing Session 
header("location: user.php");exit; // Redirecting To Other Page 
} else{ 
session_destroy(); 
header("location: errorlog.php");exit; 
}} 
mysql_close($conn); // Closing Connection 
}} 
?>

也使确保您的脚本中启用了错误报告功能:

<?php 
// Turn off error reporting 
error_reporting(0); 

// Report runtime errors 
error_reporting(E_ERROR | E_WARNING | E_PARSE); 

// Report all errors 
error_reporting(E_ALL); 

// Same as error_reporting(E_ALL); 
ini_set("error_reporting", E_ALL); 

// Report all errors except E_NOTICE 
error_reporting(E_ALL & ~E_NOTICE); 
?>

来源

2015-02-24 14:25:58 Whirlwind

0

,你有一个不正确的用户名/密码

if ($rows == 1) {

将是错误的。 您发现了一条不正确的标志,但在此if语句中没有else

,如果你希望它破坏了会议和头部到错误页面添加

session_destroy(); 
header("location: errorlog.php");

到该组的其他人。否则写入$error变量如:

$error='username or password not recognised';

来源

2015-02-24 14:26:25 Collett89

0

您检查用于检查用户是否存在错误是错误的。如果用户不存在,则mysql_num_rows($query)返回FALSE。 您的if (row == 1)之后的额外else声明。 检查是否$rows === false并相应地重定向。

因此,在你的if之前添加这个就足够了。 (插入前if(row==1)

if($rows === false){ 
    session_destroy(); 
    header("location: errorlog.php"); 
}

来源

2015-02-24 14:32:19 Chief

相关问题

 相关问题