故障與會話代碼會話

-1

這裏登錄代碼：

<?php 

/** 
* @author Mina Wilson 
* @copyright 2012 
* // EPCI Pharma Survey | Rights Reserved 
*/ 

// Inialize session 
session_start(); 

// Check, if user is already login, then jump to secured page 
if (isset($_SESSION['name'])) { 
header('Location: login_process.php'); 
} 
?> 
<?php $login="login_process.php" ?> 

<!DOCTYPE html> 



<html> 

<head> 

<title>EPCI Pharma Survey</title> 

<style> 



html, body 

{ 

    height: 100%; 

} 



body 

{ 

    font: 12px 'Lucida Sans Unicode', 'Trebuchet MS', Arial, Helvetica;  

    margin: 0; 

    background-color: #d9dee2; 

    background-image: -webkit-gradient(linear, left top, left bottom, from(#ebeef2), to(#d9dee2)); 

    background-image: -webkit-linear-gradient(top, #ebeef2, #d9dee2); 

    background-image: -moz-linear-gradient(top, #ebeef2, #d9dee2); 

    background-image: -ms-linear-gradient(top, #ebeef2, #d9dee2); 

    background-image: -o-linear-gradient(top, #ebeef2, #d9dee2); 

    background-image: linear-gradient(top, #ebeef2, #d9dee2);  

} 



/*--------------------*/ 



#login 

{ 

    background-color: #fff; 

    background-image: -webkit-gradient(linear, left top, left bottom, from(#fff), to(#eee)); 

    background-image: -webkit-linear-gradient(top, #fff, #eee); 

    background-image: -moz-linear-gradient(top, #fff, #eee); 

    background-image: -ms-linear-gradient(top, #fff, #eee); 

    background-image: -o-linear-gradient(top, #fff, #eee); 

    background-image: linear-gradient(top, #fff, #eee); 

    height: 240px; 

    width: 400px; 

    margin: -150px 0 0 -230px; 

    padding: 30px; 

    position: absolute; 

    top: 50%; 

    left: 50%; 

    z-index: 0; 

    -moz-border-radius: 3px; 

    -webkit-border-radius: 3px; 

    border-radius: 3px; 

    -webkit-box-shadow: 

      0 0 2px rgba(0, 0, 0, 0.2), 

      0 1px 1px rgba(0, 0, 0, .2), 

      0 3px 0 #fff, 

      0 4px 0 rgba(0, 0, 0, .2), 

      0 6px 0 #fff, 

      0 7px 0 rgba(0, 0, 0, .2); 

    -moz-box-shadow: 

      0 0 2px rgba(0, 0, 0, 0.2), 

      1px 1px 0 rgba(0, 0, 0, .1), 

      3px 3px 0 rgba(255, 255, 255, 1), 

      4px 4px 0 rgba(0, 0, 0, .1), 

      6px 6px 0 rgba(255, 255, 255, 1), 

      7px 7px 0 rgba(0, 0, 0, .1); 

    box-shadow: 

      0 0 2px rgba(0, 0, 0, 0.2), 

      0 1px 1px rgba(0, 0, 0, .2), 

      0 3px 0 #fff, 

      0 4px 0 rgba(0, 0, 0, .2), 

      0 6px 0 #fff, 

      0 7px 0 rgba(0, 0, 0, .2); 

} 



#login:before 

{ 

    content: ''; 

    position: absolute; 

    z-index: -1; 

    border: 1px dashed #ccc; 

    top: 5px; 

    bottom: 5px; 

    left: 5px; 

    right: 5px; 

    -moz-box-shadow: 0 0 0 1px #fff; 

    -webkit-box-shadow: 0 0 0 1px #fff; 

    box-shadow: 0 0 0 1px #fff; 

} 



/*--------------------*/ 



h1 

{ 

    text-shadow: 0 1px 0 rgba(255, 255, 255, .7), 0px 2px 0 rgba(0, 0, 0, .5); 

    text-transform: uppercase; 

    text-align: center; 

    color: #666; 

    margin: 0 0 30px 0; 

    letter-spacing: 4px; 

    font: normal 26px/1 Verdana, Helvetica; 

    position: relative; 

} 



h1:after, h1:before 

{ 

    background-color: #777; 

    content: ""; 

    height: 1px; 

    position: absolute; 

    top: 15px; 

    width: 120px; 

} 



h1:after 

{ 

    background-image: -webkit-gradient(linear, left top, right top, from(#777), to(#fff)); 

    background-image: -webkit-linear-gradient(left, #777, #fff); 

    background-image: -moz-linear-gradient(left, #777, #fff); 

    background-image: -ms-linear-gradient(left, #777, #fff); 

    background-image: -o-linear-gradient(left, #777, #fff); 

    background-image: linear-gradient(left, #777, #fff);  

    right: 0; 

} 



h1:before 

{ 

    background-image: -webkit-gradient(linear, right top, left top, from(#777), to(#fff)); 

    background-image: -webkit-linear-gradient(right, #777, #fff); 

    background-image: -moz-linear-gradient(right, #777, #fff); 

    background-image: -ms-linear-gradient(right, #777, #fff); 

    background-image: -o-linear-gradient(right, #777, #fff); 

    background-image: linear-gradient(right, #777, #fff); 

    left: 0; 

} 



/*--------------------*/ 



fieldset 

{ 

    border: 0; 

    padding: 0; 

    margin: 0; 

} 



/*--------------------*/ 



#inputs input 

{ 

    background: #f1f1f1 url(http://www.red-team-design.com/wp-content/uploads/2011/09/login-sprite.png) no-repeat; 

    padding: 15px 15px 15px 30px; 

    margin: 0 0 10px 0; 

    width: 353px; /* 353 + 2 + 45 = 400 */ 

    border: 1px solid #ccc; 

    -moz-border-radius: 5px; 

    -webkit-border-radius: 5px; 

    border-radius: 5px; 

    -moz-box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff; 

    -webkit-box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff; 

    box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff; 

} 



#username 

{ 

    background-position: 5px -2px !important; 

} 



#password 

{ 

    background-position: 5px -52px !important; 

} 



#inputs input:focus 

{ 

    background-color: #fff; 

    border-color: #e8c291; 

    outline: none; 

    -moz-box-shadow: 0 0 0 1px #e8c291 inset; 

    -webkit-box-shadow: 0 0 0 1px #e8c291 inset; 

    box-shadow: 0 0 0 1px #e8c291 inset; 

} 



/*--------------------*/ 

#actions 

{ 

    margin: 25px 0 0 0; 

} 



#submit 

{  

    background-color: #ffb94b; 

    background-image: -webkit-gradient(linear, left top, left bottom, from(#fddb6f), to(#ffb94b)); 

    background-image: -webkit-linear-gradient(top, #fddb6f, #ffb94b); 

    background-image: -moz-linear-gradient(top, #fddb6f, #ffb94b); 

    background-image: -ms-linear-gradient(top, #fddb6f, #ffb94b); 

    background-image: -o-linear-gradient(top, #fddb6f, #ffb94b); 

    background-image: linear-gradient(top, #fddb6f, #ffb94b); 



    -moz-border-radius: 3px; 

    -webkit-border-radius: 3px; 

    border-radius: 3px; 



    text-shadow: 0 1px 0 rgba(255,255,255,0.5); 



    -moz-box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset; 

    -webkit-box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset; 

    box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;  



    border-width: 1px; 

    border-style: solid; 

    border-color: #d69e31 #e3a037 #d5982d #e3a037; 



    float: left; 

    height: 35px; 

    padding: 0; 

    width: 120px; 

    cursor: pointer; 

    font: bold 15px Arial, Helvetica; 

    color: #8f5a0a; 

} 



#submit:hover,#submit:focus 

{  

    background-color: #fddb6f; 

    background-image: -webkit-gradient(linear, left top, left bottom, from(#ffb94b), to(#fddb6f)); 

    background-image: -webkit-linear-gradient(top, #ffb94b, #fddb6f); 

    background-image: -moz-linear-gradient(top, #ffb94b, #fddb6f); 

    background-image: -ms-linear-gradient(top, #ffb94b, #fddb6f); 

    background-image: -o-linear-gradient(top, #ffb94b, #fddb6f); 

    background-image: linear-gradient(top, #ffb94b, #fddb6f); 

} 



#submit:active 

{  

    outline: none; 



    -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset; 

    -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset; 

    box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;   

} 



#submit::-moz-focus-inner 

{ 

    border: none; 

} 



#actions a 

{ 

    color: #3151A2;  

    float: right; 

    line-height: 35px; 

    margin-left: 10px; 

} 



/*--------------------*/ 



#back 

{ 

    display: block; 

    text-align: center; 

    position: relative; 

    top: 60px; 

    color: #999; 

} 





</style> 

</head> 



<body> 



<form action="<?php echo $login; ?>" class="input" method="post" id="login"> 

    <h1>EPCI Pharma Login</h1> 

    <fieldset id="inputs"> 

     <input id="Name" name="name" type="text" placeholder="Name" autofocus required> 

     <input id="Password" name="password" type="password" placeholder="Password" required> 

    </fieldset> 

    <fieldset id="actions"> 

     <input type="submit" id="submit" value="Log in"> 

     <a href="">Forgot your password?</a><a href="">Register</a> 

    </fieldset> 

    <a href="#" id="back">Back to article...</a> 

</form> 






</body> 

</html>

，這裏是login_process.php

<?php 
session_start(); 
$host="localhost"; // Host name 
$username="ebarea_epic"; // Mysql username 
$password="..."; // Mysql password 
$db_name="ebarea_epic"; // Database name 
$tbl_name="medicalrep"; // Table name 

// Connect to server and select databse. 
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB"); 

// username and password sent from form 
$name=$_POST['name']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection) 
$name = stripslashes($name); 
$password = stripslashes($password); 
$job_title= stripslashes ($job_title); 
$name = mysql_real_escape_string($name); 
$password = mysql_real_escape_string($password); 

$sql="SELECT * FROM $tbl_name WHERE name='$name' and password='$password'"; 
$result=mysql_query($sql); 
$num_results = mysql_num_rows($result); 
$array = mysql_fetch_array($result); 
$_SESSION['name']=$array['name']; 
$_SESSION['password']=$array['password']; 


// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 
// If result matched $username and $password, table row must be 1 row 

if($count==1){ 

$_SESSION['name']=$_POST['name']; 
$_SESSION['password']=$_POST['password']; 


if ($array['job_title']=="user") 
{ header ("location: userpage.php"); } 
    else if ($array['job_title']=="admin") 
{ header ("location: adminpage.php"); } 
    } 
     else if ($name=="[email protected]" && $password=="[email protected]") 
{ header ("location: adminpage.php"); } 

    else { 
    echo "Wrong user or password"; 
    } 
?>

如果用戶名和密碼是錯誤的，它顯示「錯誤的用戶名和密碼」，通過再次刷新登錄表，它會將我重定向到login_process.php，並顯示消息「錯誤的用戶名或密碼」

我試圖將回顯改爲標題和登錄表單的位置，但它導致了重定向循環

現在出什麼問題了！

來源

2012-05-01 Mina Wilson

你有什麼想法嗎？你可以減少這個問題的可能原因嗎？希望你的代碼的一小部分比你在上面傾倒的更少？人們不太可能閱讀所有這些內容，所以如果你僅僅應用一點點理解就會有所幫助。例如，你真的認爲CSS與你的問題有關嗎？你真的*打算在你的文章中包含硬編碼（是的，硬編碼！？）管理員用戶名/密碼組合嗎？ – eggyal

發佈問題時，請儘量消除不相關的代碼。 –

要澄清評論@MarcusAdams，我們不需要看到你的CSS，雙倍間距是不必要的。另外請注意，如果你使用'mysql_real_escape_string'，'stripslashes'是不必要的。 –

您應該是redirecting after every form post。

在這種情況下，在login_process.php，而不是附和「密碼錯誤」您應該設置一個會話變量是這樣的：

$_SESSION['message'] = "Wrong password";

然後重定向他們回到這樣的登錄頁面：

header("Location:/login.php", TRUE, 303);

在您的login.php頁面，你應該有這樣的事情：

<?php echo $_SESSION['message']; unset($_SESSION['message']); ?>

來源

2012-05-01 14:15:18

好方法，我只是添加一個檢查'if（isset（$ _ SESSION ['message']））echo ...'以避免在會話中沒有定義消息的情況下出現多餘的通知。 –

@watcher，謝謝，我認爲。我想保持OP的簡單。我在PHP 5.3上進行了測試，沒有收到任何警告，但我不是通知，警告和錯誤的專家。 :) –

讓我先在你的PHP文件中重要的事情

// username and password sent from form 
$name=$_POST['name']; //Save the post in $name 
$password=$_POST['password']; //Save the post in $password 

$sql="SELECT * FROM $tbl_name WHERE name='$name' and password='$password'"; 
$result=mysql_query($sql); 
$num_results = mysql_num_rows($result); 
$array = mysql_fetch_array($result); 


$_SESSION['name']=$array['name']; //OK you save the name in SESSION without knowing if the user has submitted the right login information 
$_SESSION['password']=$array['password']; //OK you save the password in SESSION without knowing if the user has submitted the right login information 


// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); //count always has to be 1 else failed login information 

if($count==1){ 

$_SESSION['name']=$_POST['name']; //WHAT!?! override the SESSION with the post? without escaping? 
$_SESSION['password']=$_POST['password']; //Same here!?!?! 

//Now you decide the job_title 
if ($array['job_title']=="user") 
{ header ("location: userpage.php"); } 
    else if ($array['job_title']=="admin") 
{ header ("location: adminpage.php"); } 
    } 
     else if ($name=="[email protected]" && $password=="[email protected]") 
{ header ("location: adminpage.php"); } 

    else { 
    echo "Wrong user or password"; 
    } 
?>

所以我做了這個代碼上面這樣

<?php 
session_start(); 
$host="localhost"; // Host name 
$username="ebarea_epic"; // Mysql username 
$password="..."; // Mysql password 
$db_name="ebarea_epic"; // Database name 
$tbl_name="medicalrep"; // Table name 

// Connect to server and select databse. 
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB"); 

// username and password sent from form 
$name=mysql_real_escape_string($_POST['name']); 
$password=mysql_real_escape_string($_POST['password']); 

$sql="SELECT `job_title` FROM $tbl_name WHERE name='$name' and password='$password' LIMIT 1"; 
$result = mysql_query($sql); 
$num_results = mysql_num_rows($result); 

if($num_results ==1) 
{ 

$_SESSION['name']=$name; 
$_SESSION['password']=$password; 
$_SESSION['job_title']=$result[0]; 


switch($result[0]) 
{ 
    case 'user': 
     $direct = 'userpage'; 
    break; 

    case 'admin': 
     $direct = 'adminpage'; 
    break; 

    default: 
     if ($name=="[email protected]" && $password=="[email protected]") 
     { 
      $direct = 'adminpage'; 
     } 
     else 
     { 
      echo 'Wrong user or password'; 
      die(); 
     } 
    break; 
} 

header('location: '.$direct.'.php'); 
die(); 

?>

我沒有測試這一點，但我希望你能自己修復的錯誤;）

來源

2012-05-01 14:19:28

故障與會話代碼會話

回答

相關問題