PHP：如何编写在登录页面显示错误消息？

Question

我是一个用PHP的noob。我想用php创建一个简单的登录页面，这样如果你输入一个不在数据库中的昵称，它会告诉你，否则它会告诉你密码不正确。我正在使用我的学校服务器，因此有关服务器的某些问题我可能无法回答。最重要的是，我没有权限使用fopen（），因此它是file_put_contents。我甚至不知道这是否会起作用，要么是因为我没有那么做。到目前为止，我有login.php，check.php和numberconverter.php这是一个帮助我将数字转换为字符串的函数。 （在这种情况下，unix时间）。我知道numbercoverter.php从测试工作。

的login.php：

<? 
define('__ROOT__',dirname(dirname(__FILE__))); 
require_once(__ROOT__.'/shopsite/numberconverter.php'); 
echo "<!--root: ".__ROOT__."/shopsite/ -->\n"; 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
<title>Login to the Shopsite</title> 
<script type="text/css"> 
"error" { 
background-color:#FF; 
color:#FFFFFF; 
} 
</script> 
<script type="text/javascript"> 
<?php 
$nick=""; 
$i=false; 
if(isset($_GLOBALS['file'])) 
{ 
$i=true; 
$nick=file_get_contents("file.txt"); 
$nick=preg_split("^nick:",$nick); 
} 
else 
{ 
$_GLOBALS['file']='file'.convert(time()).'.txt'; 
} 
?> 
functions error(i) 
{ 
if(i) 
{ 
    document.getElementById('error').innerHTML="Nick <?php echo $nick; ?> was not found. Try again or <a href=\"register.php\">register</a>"; 
} 
else 
{ 
    document.getElementById('error').innerHTML="Password incorrect. Try again or <a href=\"register.php\">register</a>"; 
} 
} 
//--> 
</script> 
</head> 
<body <?php if($i) { echo "onload=\"error(".((strlen($nick[0])<0) ? 1 : 0).")\""; }?> > 
<p id="error"></p> 
<?php 
$chk = time(); 
echo "File name: ".$_GLOBALS['file']."\n"; 
echo "unix time raw: ".$chk."\n"; 
echo "unix time converted: ".convert($chk)."\n"; 
?> 
<form id="form" action="check.php" method="post"> 
<p>username: <input type="text" name="nick" id="nick" /></p> 
<p>password: <input type="text" name="pass" id="pass" /></p> 
<input type="submit" value="Log in"/> 
</form> 
</body> 
</html> 

check.php：

<?php 
$c = mysql_pconnect("localhost","hehe","hehe"); 
mysql_select_db("test",$c); 
$r = mysql_query(sprintf("select * from UserTable where (nick=(\"%s\") AND pass=SHA1(\"%s\"))",$_POST['nick'],$_POST['pass']),$c) or die("something wrong with mysql,1"); 
if(mysql_num_rows($r)==0) 
{ 
$testn = mysql_query(sprintf("select * from UserTable where nick=(\"%s\")",$_POST['nick']),$c) or die("something wrong with mysql,2"); 
if(mysql_num_rows($testn)==0) 
{ 
    //file_put_contents($_GLOBALS['file'],"nick:".$_POST['nick']);// 
    file_put_contents('test.txt',"nick"); 
} 
else 
{ 
    //file_put_contents($_GLOBALS['file'],"pass"); 
    file_put_contents('test.txt',"pass"); 
} 
mysql_close($c); 
header("Location:http://cs4.sunyocc.edu/~j.d.dancks/shopsite/login.php"); 
} 
else 
{ 
mysql_close($c); 
session_start(); 
$_SESSION['nick'] = $_POST['nick']; 
$_SESSION['email'] = $_POST['email']; 
} 
?> 

Answer 1

确定。我想再次滚动球，并获得人们的意见。显然我不能做mysqli，因为即使它的4.3.2我猜它没有安装或什么的。的phpinfo：cs4.sunyocc.edu/~jddancks/info.php无论如何，这里是我的尝试：

<? 
session_start(); 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
<title>Login to the Shopsite</title> 
<script type="text/css"> 
"error" { 
     background-color:#FF; 
     color:#FFFFFF; 
} 
"attempts" { 
     color:#FF; 
} 
</script> 
<script type="text/javascript"> 
function errorfunc() 
{ 
     <?php 
     if(isset($_SESSION['msg'])) 
     { 
      echo "document.getElementById(\'error\').innerHTML=".$_SESSION['msg']; 
     } 
     if(isset($_SESSION['attempts'])) 
     { 
      echo "document.getElementById(\'attempts\').innerHTML=".$_SESSION['attempts']."Of 5 login attempts used."; 
     } 
     ?> 
} 
//--> 
</script> 
</head> 
<body onload="errorfunc()"> 
<?php 
     $ok = true; 
     if(isset($_SESSION['attempts'])) 
     { 
      if($_SESSION['attempts']>=5) 
      { 
       echo "<h1>YOU HAVE MAXED OUT YOUR LOGIN ATTEMPTS. COME BACK ANOTHER DAY</h1>"; 
       $ok = false; 
      } 
     } 
     if($ok) 
     { 
       echo "<p id=\"error\"></p>\n 
       <p id=\"attempts\"></p>\n 
       <form id=\"form\" action=\"check.php\" method=\"post\">\n 
       <p>username: <input type=\"text\" name=\"nick\" id=\"nick\" /></p>\n 
       <p>password: <input type=\"text\" name=\"pass\" id=\"pass\" /></p>\n 
       <input type=\"submit\" value=\"Log in\"/>\n 
       </form>\n"; 
     } 
?> 
</body> 
</html> 

和check.php：

<?php 
session_start(); 
$c = new mysqli("localhost","jddancks","zomglol","test"); 
if($c->connect_errno()) 
{ 
     echo "Something is wrong with the mysql connection. To DREAMWEAVER!"; 
} 
else 
{ 
    $r = $c->query(sprintf($c,"select * from UserTable where (nick=(\"%s\") AND pass=SHA1(\"%s\"))",$_POST['nick'],$_POST['pass'])); 
    if($r->num_rows==0) 
    { 
       $testn = $c->query(sprintf($c,"select * from UserTable where nick=(\"%s\")",$_POST['nick']),$c); 
     if($testn->num_rows()==0) 
     { 
        $_SESSION['msg'] = "Nick ".$_POST['nick']."was not found. Check spelling or <a href=\"register.php\">register</a>"; 
     } 
     else 
     { 
       $_SESSION['msg'] = "Password incorrect"; 
     } 
     $r->close(); 
     $testn->close(); 
     if(!isset($_SESSION['attempts'])) 
     { 
        $_SESSION['attempts'] = $_SESSION['attempts'] + 1; 
     } 
     else 
     { 
       $_SESSION['attempts'] = 1; 
     } 
     $c->close(); 
     header("Location:http://cs4.sunyocc.edu/~j.d.dancks/shopsite/login.php"); 
    } 
    else 
    { 
      $c->close(); 
     session_start(); 
     $_SESSION['nick'] = $_POST['nick']; 
     $_SESSION['email'] = $_POST['email']; 
     header("Location:http://cs4.sunyocc.edu/~j.d.dancks/shopsite/success.html"); 
    } 
} 
?> 

我唯一担心的是，所有的人都有要做的是删除网站的cookie，以尝试继续暴力破解密码，所以也许我应该记录＃登录尝试到一个SQL表。