1. 首頁
  2. 問答
  3. PHP登錄表單錯誤

PHP登錄表單錯誤

2015-02-24 124 views
1

這是事情: 我創建了一個登錄表單,檢查用戶是管理員還是成員 ,然後將其重定向到正確的頁面。 它運作良好。PHP登錄表單錯誤

當用戶輸入不正確的用戶並通過 登錄頁面進入某種循環時,問題就開始了。

我做錯了什麼?

感謝你的幫助 的login.php:

<?php 
session_start(); // Starting Session 
$error=''; // Variable To Store Error Message 
if (isset($_POST['submit'])) { 
if (empty($_POST['username']) || empty($_POST['password'])) { 
$error = "חלק מהנתונים שסופקו, שגויים."; 
} 
else 
{ 
// Define $username and $password 
$username=$_POST['username']; 
$password=$_POST['password']; 
// Establishing Connection with Server by passing server_name, user_id and password as a parameter 
include "config.php"; 
// To protect MySQL injection for Security purpose 
$username = stripslashes($username); 
$password = stripslashes($password); 
$username = mysql_real_escape_string($username); 
$password = mysql_real_escape_string($password); 
// Selecting Database 
$tbl_name="users"; 
//$db = mysql_select_db($tbl_name, $conn); 
// SQL query to fetch information of registerd users and finds user match. 
$query = mysql_query("select * from $tbl_name where userpassword='$password' AND username='$username'", $conn); 
$rows = mysql_num_rows($query); 
$dbdata = mysql_fetch_array($query) or die(mysql_error()); 

if ($rows == 1) { 
$flag = $dbdata['admin']; 
if ($flag == 1) { 
$_SESSION['login_user']=$username; // Initializing Session 
header("location: index.php"); // Redirecting To Other Page 
} elseif($flag == 0){ 
$_SESSION['login_user']=$username; // Initializing Session 
header("location: user.php"); // Redirecting To Other Page 
} else{ 
session_destroy(); 
header("location: errorlog.php"); 
}} 
mysql_close($conn); // Closing Connection 
}} 
?> 
<!DOCTYPE html> 
<html dir="rtl" lang="he"> 
<head> 
<title>המסלקה| כניסת סוכנים</title> 
<link href="../css/adminstyle.css" rel="stylesheet" type="text/css"> 
<link href="login.css" rel="stylesheet" type="text/css"> 
</head> 
<body> 
<div id="main"> 
<h1>ברוכים הבאים</h1> 
<div id="login"> 
<h2>מלא טופס זה על מנת להיכנס</h2> 
<form action="" method="post"> 
<label>שם משתמש :</label> 
<input id="name" name="username" placeholder="באותיות ומספרים" type="text"> 
<label>סיסמה :</label> 
<input id="password" name="password" placeholder="**********" type="password"> 
<input name="submit" type="submit" value=" התחבר "> 
<span><?php echo $error; ?></span> 
</form> 
</div> 
</div> 
</body> 
</html>

來源

2015-02-24 Phoenix Harmony

+0

什麼問題開始了?我們需要更好地描述你的問題。 – mccainz 2015-02-24 14:17:46

+0

在瀏覽器開發者視圖(Firefox其他Chrome瀏覽器)中運行它,查看網絡面板以及瀏覽器看到/做什麼? – simbo1905 2015-02-24 14:20:10

回答

1

嘗試使用後的頭函數退出,因爲重定向後沒有退出,腳本會繼續執行:

<?php 
session_start(); // Starting Session 
$error=''; // Variable To Store Error Message 
if (isset($_POST['submit'])) { 
if (empty($_POST['username']) || empty($_POST['password'])) { 
$error = "חלק מהנתונים שסופקו, שגויים."; 
} 
else 
{ 
// Define $username and $password 
$username=$_POST['username']; 
$password=$_POST['password']; 
// Establishing Connection with Server by passing server_name, user_id and password as a parameter 
include "config.php"; 
// To protect MySQL injection for Security purpose 
$username = stripslashes($username); 
$password = stripslashes($password); 
$username = mysql_real_escape_string($username); 
$password = mysql_real_escape_string($password); 
// Selecting Database 
$tbl_name="users"; 
//$db = mysql_select_db($tbl_name, $conn); 
// SQL query to fetch information of registerd users and finds user match. 
$query = mysql_query("select * from $tbl_name where userpassword='$password' AND username='$username'", $conn); 
$rows = mysql_num_rows($query); 
$dbdata = mysql_fetch_array($query) or die(mysql_error()); 

if ($rows == 1) { 
$flag = $dbdata['admin']; 
if ($flag == 1) { 
$_SESSION['login_user']=$username; // Initializing Session 
header("location: index.php");exit; // Redirecting To Other Page 
} elseif($flag == 0){ 
$_SESSION['login_user']=$username; // Initializing Session 
header("location: user.php");exit; // Redirecting To Other Page 
} else{ 
session_destroy(); 
header("location: errorlog.php");exit; 
}} 
mysql_close($conn); // Closing Connection 
}} 
?>

也使確保您的腳本中啓用了錯誤報告功能:

<?php 
// Turn off error reporting 
error_reporting(0); 

// Report runtime errors 
error_reporting(E_ERROR | E_WARNING | E_PARSE); 

// Report all errors 
error_reporting(E_ALL); 

// Same as error_reporting(E_ALL); 
ini_set("error_reporting", E_ALL); 

// Report all errors except E_NOTICE 
error_reporting(E_ALL & ~E_NOTICE); 
?>

來源

2015-02-24 14:25:58 Whirlwind

0

,你有一個不正確的用戶名/密碼

if ($rows == 1) {

將是錯誤的。 您發現了一條不正確的標誌,但在此if語句中沒有else

,如果你希望它破壞了會議和頭部到錯誤頁面添加

session_destroy(); 
header("location: errorlog.php");

到該組的其他人。否則寫入$error變量如:

$error='username or password not recognised';

來源

2015-02-24 14:26:25 Collett89

0

您檢查用於檢查用戶是否存在錯誤是錯誤的。如果用戶不存在,則mysql_num_rows($query)返回FALSE。 您的if (row == 1)之後的額外else聲明。 檢查是否$rows === false並相應地重定向。

因此,在你的if之前添加這個就足夠了。 (插入前if(row==1)

if($rows === false){ 
    session_destroy(); 
    header("location: errorlog.php"); 
}

來源

2015-02-24 14:32:19 Chief

相關問題

 相關問題