如何編輯此PHP登錄腳本的表單錯誤以在原始頁面上輸出錯誤？

Question

我一直在尋找下面的PHP登錄教程：http：//www.evolt.org/node/60265，並最終將開發進一步的功能，但我堅持一件事先。我的腳本在我的測試網站上運行，我可以註冊併成功登錄。然而，錯誤檢查是我有一個抱怨，例如，如果用戶未填寫必填字段，錯誤「您沒有填寫所需的表單」顯示在空白網頁上 - 我怎麼能得到這將顯示在與表單相同的頁面上（一旦提交）。

編輯：謝謝邁克爾，我已根據您的答案更新了我的代碼，但認爲我誤解了某處，或者因爲我的頁面空白而出錯。我已經看了幾遍，但我仍然不確定。

更新代碼...

<?php 

    session_start(); 
    include('./templates/dbconnect.php'); 
    global $logged_in; 


/** 
* Returns true if the username has been taken 
* by another user, false otherwise. 
*/ 
function usernameTaken($username){ 
    global $con; 
    if(!get_magic_quotes_gpc()){ 
     $username = addslashes($username); 
    } 
    $query = "select username from users where username = '$username'"; 
    $result = mysql_query($query,$con); 
    return (mysql_numrows($result) > 0); 
} 


/** 
* Inserts the given (username, password) pair 
* into the database. Returns true on success, 
* false otherwise. 
*/ 
function addNewUser($username, $password, $firstname, $lastname, $email){ 
    global $con; 
    $query = "INSERT INTO users(username, password, firstname, lastname, email) VALUES ('$username', '$password', '$firstname', '$lastname' , '$email')"; 
    return mysql_query($query,$con) or die(mysql_error()); 
} 


/** 
* Displays the appropriate message to the user 
* after the registration attempt. It displays a 
* success or failure status depending on a 
* session variable set during registration. 
*/ 
function displayStatus(){ 
    $uname = $_SESSION['reguname']; 
    if($_SESSION['regresult']){ 
?> 

Registered! 
Thank you <b><?php echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>. 

<?php 
    } 
    else{ 
?> 

Registration Failed 
We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br> 
Please try again. 

<?php 
    } 
    unset($_SESSION['reguname']); 
    unset($_SESSION['registered']); 
    unset($_SESSION['regresult']); 
} 

if(isset($_SESSION['registered'])){ 
/** 
* This is the page that will be displayed after the 
* registration has been attempted. 
*/ 
?> 


<html> 
<head> 
<title>Register</title> 
<link rel="stylesheet" type="text/css" href="style.css" /> 
</head> 
<body> 




<div class="container"> 

<?php include('./templates/header.php'); ?> 







<div class="content"> 

<?php displayStatus(); ?> 


</div> 
<div class="footer">Copyright © 2011 Richard Day.</div> 
</div> 
</body> 
</html> 

<?php 

return; 
} 

/** 
* Determines whether or not to show to sign-up form 
* based on whether the form has been submitted, if it 
* has, check the database for consistency and create 
* the new account. 
*/ 



if(isset($_POST['submit'])){ 
    /* Make sure all fields were entered */ 
    // Initialize an empty container for all the errors 
    $errors = ""; 


    if(!$_POST['username'] || !$_POST['password'] || !$_POST['firstname'] || !$_POST['lastname'] || !$_POST['email']){ 
    // die('You didn\'t fill in a required field.'); 

    $errors .= "You didn\'t fill in a required field.<br />\n"; 
    } 


    /* Spruce up username, check length */ 
    $_POST['username'] = trim($_POST['username']); 
    if(strlen($_POST['username']) > 16){ 
     //die("Sorry, the username is longer than 16 characters, please shorten it."); 

    $errors .= "Sorry, the username is longer than 16 characters, please shorten it.<br />\n"; 
    } 

    /* Check if username is already in use */ 
    if(usernameTaken($_POST['username'])){ 
     $use = $_POST['username']; 

    $errors .="Sorry, the username: <strong>$use</strong> is already taken, please pick another one."; 
     //die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one."); 
    } 


    // No previous errors, so it's safe to store the variables. 
    if (empty($errors)) { 
     /* Add the new account to the database */ 
     $md5pass = md5($_POST['password']); 
     $_SESSION['reguname'] = $_POST['username']; 
     $_SESSION['regfirstname'] = $_POST['firstname']; 
     $_SESSION['reglastname'] = $_POST['lastname']; 
     $_SESSION['regemailname'] = $_POST['email']; 
     $_SESSION['regresult'] = addNewUser($_POST['username'], $md5pass, $_POST['firstname'], $_POST['lastname'], $_POST['email']); 
     $_SESSION['registered'] = true; 
     echo "<meta http-equiv=\"Refresh\" content=\"0;url=$_SERVER[PHP_SELF]\">"; 
     return; 

} 

?> 


<html> 
<head> 
<title>Register</title> 
<link rel="stylesheet" type="text/css" href="style.css" /> 
</head> 
<body> 


<div class="container"> 

<?php include('./templates/header.php'); ?> 



<div class="content"> 


<?php 

    if (!empty($errors) || !isset($_POST['submit'])) { 
    // Display all the accumulated errors (if any) 
    echo $errors; 

/** 
* This is the page with the sign-up form, the names 
* of the input fields are important and should not 
* be changed. 
*/ 

} 



?> 

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
<table align="center" border="0" cellspacing="0" cellpadding="3"> 
<tr><td><b>Register</b></td></tr> 
<tr><td>Username:</td><td><input type="text" name="username" maxlength="16"></td></tr> 
<tr><td>Password:</td><td><input type="password" name="password" maxlength="30"></td></tr> 
<tr><td>First name:</td><td><input type="text" name="firstname" maxlength="32"></td></tr> 
<tr><td>Last name:</td><td><input type="text" name="lastname" maxlength="32"></td></tr> 
<tr><td>E-mail:</td><td><input type="text" name="email" maxlength="64"></td></tr> 

<tr><td colspan="2" align="right"><input type="submit" name="submit" value="Register"></td></tr> 
</table> 
</form> 


</div> 
<div class="footer">Copyright © 2011 Richard Day.</div> 
</div> 
</body> 
</html> 


<?php 
} 

?> 

Answer 1

不要使用die()有錯誤退出。相反，請將您的錯誤消息累積到可顯示在表單上方的單個變量中。

// Initialize an empty container for all the errors 
$errors = ""; 

if(!$_POST['username'] || !$_POST['password'] || !$_POST['firstname'] || !$_POST['lastname'] || !$_POST['email']){ 
    // Don't use die() 
    //die('You didn\'t fill in a required field.'); 

    // Instead add this error to the $errors string. 
    $errors .= "You didn\'t fill in a required field.<br />\n"; 
} 

// Do the same for all the error conditions... 

測試做您的會話&數據庫活動前沒有出現錯誤：

// No previous errors, so it's safe to store the variables. 
if (empty($errors)) { 
    /* Add the new account to the database */ 
    $md5pass = md5($_POST['password']); 
    $_SESSION['reguname'] = $_POST['username']; 
    $_SESSION['regfirstname'] = $_POST['firstname']; 
    $_SESSION['reglastname'] = $_POST['lastname']; 
    $_SESSION['regemailname'] = $_POST['email']; 
    $_SESSION['regresult'] = addNewUser($_POST['username'], $md5pass, $_POST['firstname'], $_POST['lastname'], $_POST['email']); 
    $_SESSION['registered'] = true; 
    echo "<meta http-equiv=\"Refresh\" content=\"0;url=$_SERVER[PHP_SELF]\">"; 
    return; 
} 

然後，而不是隻顯示內部else情況下的形式，改變其狀態，以測試如果任一職還沒有已提交，或者$errors不是空的（即以前有錯誤）。

if (!empty($errors) || !isset($_POST['submit'])) { 
    // Display all the accumulated error messages (if there were any) 
    echo $errors; 

    // Display your form. 
    // form stuff.... 
} 

關於SQL注入的進一步說明... magic_quotes_gpc這些天不會經常遇到。而不是addslashes()通常的做法是使用mysql_real_escape_string()。

// Instead of this.... 
if(!get_magic_quotes_gpc()){ 
    $username = addslashes($username); 
} 

// Do this... 
$username = mysql_real_escape_string($username); 

做任何你傳遞一個$_POST（或GET或餅乾，或其他用戶輸入）值到您的SQL查詢同樣的事情。

Answer 2

讓PHP腳本自己打印登錄表單怎麼樣？然後，您可以打印出錯誤等其他信息。

<html> 
<head> 
</head> 
<body> 

<?php 

if(!isset($_GET['login'])) 
{ 
    //Print out the login form. 
} 
else 
{ 
    //Check the login, if any errors occurs, print errors along with form. 
} 

?> 

</body> 
</html> 

請記住將表單的動作指向您的登錄頁面。

<form name="login" action="index.php" method="get"> 
Username: <input name="username" type="text" /> 
<br /> 
Password: <input name="password" type="password" /> 
<br /> 
<input type="submit" value="Login" /> 
</form> 

將index.php更改爲登錄頁面。

您認爲如何？

編輯：

我沒有檢查是否有錯誤或潛在安全漏洞的代碼，我剛纔已經回答了你的問題。