-1
我有一個CSS彈出窗口,顯示一個登錄表單。當我嘗試登錄時,只是重新加載頁面,彈出窗口再次出現。CSS popup登錄表單和PHP登錄腳本
下面是打開彈出
<a href="#login_form" class="btn signInBtn">Sign In</a>
鏈接這裏是我的彈出登錄表單的HTML。
<a href="#x" class="overlay" id="login_form"></a>
<div class="popup">
<h2 class="modal-header">Sign In</h2>
<div class="modal-body">
<form class="signIn-form">
<div class="errorMessage alert alert-error" id="errorMsg">
<h4>Whoops</h4>
<p>
<?php echo $errorMsg; ?>
</p>
</div>
<fieldset class="l-formMain">
<ul>
<li>
<label class="applyForm-label" for="email">Email</label>
<input class="applyForm-input required" type="email" id="login_email" placeholder="[email protected]" tabindex="1" />
</li>
<li>
<label class="applyForm-label" for="password">Password</label>
<input class="applyForm-input required" type="password" id="login_password" tabindex="2" />
<span class="forgotPassLi">
<a href="#forgotpass" class="v-secondary" style="position:relative; left:-150px;">Forgot your Password?</a>
</span>
</li>
</ul>
</fieldset>
<div class="modal-buttonHolder">
<input type="submit" class="btn btn-large" id="login" value="Sign In" tabindex="3" />
</div>
</form>
</div>
<a href="#close" class="modal-closeBtn">×</a>
</div>
這是我的PHP:
if(isset($_POST['login'])){
$login_email = $_POST['login_email'];
$login_password = $_POST['login_password'];
// error handling conditional checks go here
if ((!$login_email) || (!$login_password)) {
$errorMsg = 'Please fill in both fields';
} else { // Error handling is complete so process the info if no errors
include 'scripts/connect_to_mysql.php'; // Connect to the database
$email = mysql_real_escape_string($login_email); // After we connect, we secure the string before adding to query
$pass = md5($login_password); // Add MD5 Hash to the password variable they supplied after filtering it
// Make the SQL query
$sql = "SELECT * FROM members WHERE email='$email' AND password='$password' AND email_activated='1'";
$result = mysql_query($sql);
if($result){
$login_check = mysql_num_rows($result);
}
// If login check number is greater than 0 (meaning they do exist and are activated)
if($login_check > 0){
while($row = mysql_fetch_array($result)){
$id = $row["ID"];
$_SESSION['ID'] = $id;
// Create the idx session var
$_SESSION['idx'] = base64_encode("xxxxxxxxxxxxxxxxxxx$id");
// Create session var for their username
$email = $row["email"];
$_SESSION['email'] = $email;
$_SESSION['userId'] = $row["ID"];
mysql_query("UPDATE members SET last_log_date=now() WHERE ID='$id' LIMIT 1");
} // close while
// All good they are logged in, send them to homepage then exit script
if (isset($_SESSION["email"]) || count($_SESSION["email"]) > 0) {
header("Location: http://localhost/dashboard.php");
}
} else { // Run this code if login_check is equal to 0 meaning they do not exist
$errorMsg = "Either the email or password (or both) are incorrect. Make sure that you've typed them correctly and try again";
}
}// Close else after error checks
}
?>
嘗試設置表單的頁面的動作,而不在URL中#login_form(我猜這個節目的時提交表單) – TommyBs 2013-03-18 12:54:56
儘管你可以使用$ _REQUEST而不是$ _POST,你應該考慮使用預處理語句或者至少一個mysql_escape_string($ email),並且使用$ password來避免sql注入 – ITroubs 2013-03-18 12:56:15
@ITroubs你說的對,它是這不是一個關於安全性的好例子。我編輯了劇本來迎合這一點。 – Janatan 2013-03-18 14:07:37