1. 首頁
  2. 問答
  3. PHP驗證消息出現在頭文件

PHP驗證消息出現在頭文件

2017-01-25 43 views
0

關於驗證消息的問題。用戶提交表單後,我的表單驗證消息(通過php)出現在標題中。PHP驗證消息出現在頭文件

我該如何獲得消息出現在正文(表單下)。下面的代碼。 Screen shot attached for clarification

<? 
/* Check User Script */ 
session_start(); // Start Session 

include 'db.php'; 
// Conver to simple variables 
$username = $_POST['username']; 
$password = $_POST['password']; 

if((!$username) || (!$password)){ 
echo "Please enter ALL of the information! <br />"; 
include 'login_form.html'; 
exit(); 
} 

// Convert password to md5 hash 
$password = md5($password); 

// check if the user info validates the db 
$sql = mysql_query("SELECT 
* 
FROM users u 
WHERE 
username='$username' 
AND password='$password' 
AND activated='1' 
AND u.email_address IN (SELECT email from authorized_doctors) 
    "); 
$login_check = mysql_num_rows($sql); 

if($login_check > 0){ 
while($row = mysql_fetch_array($sql)){ 
foreach($row AS $key => $val){ 
    $$key = stripslashes($val); 
} 
    // Register some session variables! 
    session_start('first_name'); 
    $_SESSION['first_name'] = $first_name; 
    session_start('last_name'); 
    $_SESSION['last_name'] = $last_name; 
    session_start('email_address'); 
    $_SESSION['email_address'] = $email_address; 
    session_start('special_user'); 
    $_SESSION['user_level'] = $user_level; 

    mysql_query("UPDATE users SET last_login=now() WHERE 
    userid='$userid'"); 

    header("Location: login_success.php"); 
    } 
    } else { 
echo "<br>You could not be logged in! Either the username and 
password do not match or you have not validated your membership! 
Please try again!<br />"; 
include 'login_form.html'; 
} 
?>

來源

2017-01-25 J Castle

+1

***請[停止使用'mysql_ *'功能(http://stackoverflow.com/questions/12859942 /why-shouldnt-i-use-mysql-functions-in-php).*** [這些擴展名](http://php.net/manual/en/migration70.removed-exts-sapis.php)已在PHP 7中刪除。瞭解[準備](http://en.wikipedia.org/wiki/Prepared_statement)[PDO]的聲明(http://php.net/manual/en/pdo.prepared-statements.php )和[MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)並考慮使用PDO,[這真的很簡單](http://jayblanchard.net/de mystifying_php_pdo.html)。 –

+0

[Little Bobby](http://bobby-tables.com/)說*** [你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can- I-防止-SQL注入式-PHP)***。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –

+0

***你真的不應該使用[MD5密碼哈希](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)***,你真的應該使用PHP的[在函數中](http://jayblanchard.net/proper_password_hashing_with_PHP.html)來處理密碼安全性。在散列之前,請確保你[不要越過密碼](http://stackoverflow.com/q/36628418/1011527)或使用其他任何清理機制。這樣做*更改密碼並導致不必要的附加編碼。 –

回答

1

只輸出所需數據的include AFTER:

... 
} else { 
    include 'login_form.html'; 
    echo "<br>You could not be logged in! Either the 
       username and password do not match or you have not validated your membership! 
      Please try again!<br />"; 
} 
?>

來源

2017-01-25 16:42:55

1

你可以在消息中所需位置這個變量賦值給一個變量和輸出。例如:

$message = '<br>You could not be logged in! Either the username and 
password do not match or you have not validated your membership! 
Please try again!<br />'; 

include 'login_form.php';

而在login_form.php類似:

... 
<a href="">Forgot password?</a> 
<?php echo $message; ?> 
...

來源

2017-01-25 16:43:46 antesoles

相關問題

 相關問題