1. 首頁
  2. 問答
  3. 提交後登錄

提交後登錄

2016-04-01 115 views
0

我有以下的HTML文件,用戶將輸入他們的用戶名和密碼,然後單擊提交按鈕。提交後登錄

<form Name ="form1" Method ="POST" ACTION = "userlogin.php" id="form1"> 
    <div id="main_body" class="full-width"> 
     <label>Username:</label> 
     <input type = "text" 
       id = "usernameLogin" 
       name="pat_username"> 
     <label>Password:</label> 
     <input type = "password" 
       id = "passwordLogin" 
       name="pat_password"> 
     <input type="submit" onclick="click_button_login()" value="Login" name="submit" id="submit"/> 
    </div> 
</form>

PHP文件應該連接到我的數據庫並檢查輸入的用戶詳細信息是否正確。數據庫連接在那裏,因爲我以前測試過。一旦用戶點擊提交按鈕會出現這樣的錯誤:Cannot POST /http-services/emulator-webserver/ripple/userapp/x/C/xampp/htdocs/xampp/glove_project_php/www/userlogin.php

<?php 
if(isset($_POST["submit"])){ 
    $servername = "localhost"; 
    $username = "root"; 
    $password = ""; 
    $dbname = "dbname"; 

    // Create connection 
    $conn = new mysqli($servername, $username, $password, $dbname); 

    //Check connection 
    if ($conn->connect_error) { 
     die("Connection failed: " . $conn->connect_error); 
    } 


    $newUsername = mysqli_real_escape_string($conn, $_POST['pat_username']); 
    $newPassword = mysqli_real_escape_string($conn, $_POST['pat_password']); 

    $result = $conn->query("SELECT * FROM tablename WHERE patient_username ='$newUsername' AND patient_password='$newPassword'"); 



    if (mysqli_num_rows($result)) { 
     header("Location: mainmenu.html");  
    } 
    else 
    {  
     header("Location: index.html"); 

    } 
    $conn->close(); 
} 
?>

有沒有調用這個PHP文件到模擬器上進行工作以不同的方式?這段代碼在localhost上完美工作。

來源

2016-04-01 user20051996

+1

例如[你的腳本是對SQL注入攻擊的風險。(http://stackoverflow.com/questions/60174/how-can- i-prevent-sql -injection-in-php)瞭解[MySQLi]的[準備](http://en.wikipedia.org/wiki/Prepared_statement)聲明(http://php.net/manual/en/) mysqli.quickstart.prepared-statements.php)。 –

+0

請使用PHP的[內置函數](http://jayblanchard.net/proper_password_hashing_with_PHP.html)來處理密碼安全性。如果您使用的PHP版本低於5.5,則可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。 –

回答

0

你爲什麼要檢查$ _POST超全局中是否存在$ _POST [「submit」]?我相信,如果你發送的變量的設置,你應該檢查:

變化:

if(isset($_POST["submit"]))

到:

if ((isset($_POST["pat_username"]))&&(isset($_POST["pat_password"])))

,讓我知道如果錯誤仍然存​​在。

來源

2016-04-01 19:21:46 Webeng

+0

我認爲當表單提交時,請檢查PHP代碼。我改變了這一行,但我仍然收到相同的錯誤:(我一直堅持這個老年人 – user20051996

+0

@ user20051996我建議你做以下事情:創建一個名爲「userlogin2.php」的新頁面,改變ACTION =「userlogin。 php「到ACTION =」userlogin2.php「,然後在userLogin2.php中輸入: <?php echo」username:「。$ _ POST [」pat_username「]。」
「;?>你現在要做的是調試你有什麼錯誤,當你有整個頁面充滿了可能會失敗的代碼時,它更容易一次測試1件事情。如果userlogin2.php失敗,那麼你縮小了問題的可能性,並且如果它不'你知道問題在於你的代碼的另一部分 – Webeng

+0

我會在哪裏放''?php echo「username:」。$ _ POST [「pat_username」]。「
」;?>'? – user20051996

0 
Your form, you should working on security and eliminating auto submission, this eliminates auto submission as form contains SESSION_ID() which are unique on web browsing session. 

    <Form Name ="form1" Method ="POST" ACTION = "userlogin.php" id="form1"> 
    <div id="main_body" class="full-width"> 
     <br> 
     <br>      
        <label>Username:</label> 
        <input type = "text" 
          id = "usernameLogin" 
          name="pat_username"> <br> 

       <br> <label>Password:</label> 
        <input type = "password" 
          id = "passwordLogin" 
          name="pat_password"> <br><button value="<?php echo session_id() ?>" type="submit" name="login_check">Login</button> 

    </div> 
    </Form>

//您的登錄檢查頁面存在太多安全隱患。密碼應該被加密。請使用SALT,hash/md5/sha for 加密。同時還爲查詢中使用的sprintf因爲這樣它只是一個雖然

##SPRINTF EXAMPLE CODE 
    //$query = sprintf('SELECT * FROM TABLE WHERE username = "%s" AND password = "%s"',mysql_real_escape_string($username),mysql_real_escape_string($password)); 

    #### EXAMPLE END HERE## 

    <?php 
    if(isset($_POST["login_check"]) && $_POST['login_check']==session_id()){ 
    $servername = "localhost"; 
    $username = "root"; 
    $password = ""; 
    $dbname = "dbname"; 

    // Create connection 
    $conn = new mysqli($servername, $username, $password, $dbname); 

    //Check connection 
    if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connect_error); 
    } 


$newUsername = mysqli_real_escape_string($conn, $_POST['pat_username']); 
$newPassword = mysqli_real_escape_string($conn, $_POST['pat_password']); 

$result = $conn->query("SELECT * FROM tablename WHERE patient_username ='$newUsername' AND patient_password='$newPassword'"); 



if (mysqli_num_rows($result)) { 
    header("Location: mainmenu.html");  
} 
else 
{  
    header("Location: index.html"); 

} 
$conn->close(); 
} 
?>

來源

2016-04-01 20:10:37 Ash

+0

嗨非常感謝你的幫助,雖然我仍然有同樣的問題:不能POST/http服務/ emulator-webserver/ripple/userapp/x/C/xampp/htdocs/xampp/glove_project_php/WWW/userlogin.php。有沒有其他建議?這個錯誤一直困擾着我幾周,我似乎無法解決它:( – user20051996

相關問題

 相關問題