0
我有一個基本的登錄/註冊表單。當你選擇註冊時,它會轉到我的註冊表單上。我的問題是與登錄。我想檢查我的數據庫中的登錄信息,然後顯示不同的標題部分。我是一名學生,對於如何做到這一點的所有不同信息感到困惑。從JavaScript運行php提交從HTML表格
目前,我在點擊登錄時調用了一個javascript函數,但後來我想調用我的php文件access.php,返回我的html頁面index.php,我想檢查用戶是否登錄,如果是的話顯示logged_in.html.php。
login_register_form.html.php
<div id="login_form">
<form action="access.php" method="POST" name="login_form">
<label id="label_email">Email<span class ="red">*</span></label>
<label id="label_password">Password<span class ="red">*</span></label>
</br>
<input type="text" name="email" id="email"/>
<input type="password" name="password" id="password"/>
<div id="form_buttons">
<button onclick="loginUser()" Type="button" id="login" name="action" value="login">Login</button>
<button onclick="newUser()" Type="button" id="register" name="register">Register</button>
</div>
</form>
的javascript
function loginUser() {
$.ajax({
url: 'access.php',
dataType: 'php'
})
window.location.assign("index.php");
}
access.php
function userIsLoggedIn()
{
if (isset($_POST['action']) and $_POST['action'] == 'login')
{
if (!isset($_POST['email']) or $_POST['email'] == '' or
!isset($_POST['password']) or $_POST['password'] == '')
{
$GLOBALS['loginError'] = 'Please fill in both fields';
return FALSE;
}
if (databaseContainsUser($_POST['email'], $password))
{
session_start();
$_SESSION['loggedIn'] = TRUE;
$_SESSION['email'] = $_POST['email'];
$_SESSION['password'] = $password;
return TRUE;
}
else
{
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['email']);
unset($_SESSION['password']);
$GLOBALS['loginError'] =
'The specified email address or password was incorrect.';
return FALSE;
}
}
}
function databaseContainsUser($email, $password)
{
require_once('mysqli_connect.php');
$username = $password = "";
if (isset($_POST["submit"])){
$username = test_input($_POST["username"]);
$password = test_input($_POST["password"]);
}
$query = "SELECT * FROM users
WHERE username='".$_POST['username']."'
AND password = '".($_POST['password'])."'";
$result = mysqli_query($DBConnect, $query) or die();
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_array($result)) {
echo "<img src={$row["avatar"]} alt='avatar image' />";
}
return TRUE;
}
else {
echo "Invalid login";
return FALSE;
}
}
和的index.php
<?php
session_start();
if (!isset($_SESSION['loggedIn'])){
include 'access.php';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
<script type ="text/javascript" src="functions.js"></script>
</head>
<body>
<div id="body">
<div id="container">
<?php if (!isset($_SESSION['loggedIn'])){
include 'login_register_form.html.php';
}
else {
include 'logged_in.html.php';
}
?>
任何幫助都將不勝感激
**切勿將明文密碼!**請使用PHP的[內置函數(http://jayblanchard.net/proper_password_hashing_with_PHP.html)來處理密碼的安全性。如果您使用的PHP版本低於5.5,則可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。確保你[不要逃避密碼](http://stackoverflow.com/q/36628418/1011527)或在哈希之前使用其他任何清理機制。這樣做*更改密碼並導致不必要的附加編碼。 –
要通過AJAX獲得回報,您必須在PHP中迴應一些內容。 –
[Little Bobby](http://bobby-tables.com/)說[你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can-i-prevent -sql -injection-in-php)瞭解[MySQLi]的[prepared](http://en.wikipedia.org/wiki/Prepared_statement)語句(http://php.net/manual/en/mysqli.quickstart .prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –