-1
似乎,我無法在腳本中添加密碼保護:它應該允許使用密碼登錄並將數據從表單提交給mysql。登錄看起來不錯,但如果我嘗試按提交,它會將我返回到登錄頁面。看來,該會話被刪除或覆蓋,但目前尚不清楚,如何:php會話在表單提交後丟失
//login area
<?php
$password = "test";
session_start();
$_SESSION['txtPassword']= $_POST['txtPassword'] ;
if ($_SESSION['txtPassword']!=$password) {
?>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="txtPassword">Password:</label>
<br /><input type="text" title="Enter your password" name="txtPassword" /></p>
<p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?
}
elseif ( $_SESSION['txtPassword']=$password) {
echo $_SESSION['txtPassword'] ; // tried to print password, result is correct: test
//my db connection, just in case:
include "config.php";
$connect = mysqli_connect(HOST, USER, PASSWORD, NAME);
// data which should be inserted to db
if
(@$_POST['posted']=='1' $_POST['posted'])) {
$sSQL = "UPDATE users SET user_login='".mysqli_real_escape_string($connect, $_POST['usern'])."',user_pass='".mysqli_real_escape_string($connect, dohashpw($_POST['passw']))."' WHERE ID=1";
mysqli_query($connect, $sSQL) or print(mysql_error());
print ' <div class="container"> <p class="pstype">Password updated! </p>';
...
//input form
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"><input type="hidden" name="posted" value="1" />
<div class="col-xs-3">
<label for="ex2">New Username: </label>
<input type="text" class="form-control input-lg" name="usern" >
</div>
<div class="col-xs-3">
<label for="ex2">New Password: </label>
<input type="password" class="form-control input-lg" name="passw" >
</div>
<div class="col-xs-3">
<input type="submit" value="Submit" onclick="<? mysqli_query ($connect, $sSQL);?>; ">
</div>
</form>
我能夠登錄這個網頁,但是當我填寫表格,然後點擊提交,我再次得到登錄區。如果echo $ _SESSION顯示正確的結果,我認爲它已建立,但提交後數據丟失。你能幫我找到我的錯誤嗎?
旁註:首先,在會話中傳遞密碼不是一個好主意。無論哪種方式,檢查錯誤。 –
這不是比較'elseif($ _SESSION ['txtPassword'] = $ password)'。什麼是@ $ _ POST ['posted'] =='1'$ _POST ['posted']'假設要做什麼? – chris85
旁註2:你應該哈希和鹽你的密碼。 –