1. 首頁
  2. 問答
  3. 自定義php登錄表單:使用模式

自定義php登錄表單:使用模式

2016-05-17 17 views
0

我想讓我的登錄php工作。我找不到有什麼問題。我以前有過這樣的工作,但它突然停止了。我也使用bootstrap,但我不認爲這會導致任何問題。 php和表單之間的所有內容似乎都匹配。我爲登錄表單使用javascript和css模式,但我不認爲這會影響它。自定義php登錄表單:使用模式

PHP:

<?php 
session_start(); 
include_once 'dbconnect.php'; 

if(isset($_SESSION['usr_id'])) { 

echo "Successfully Logged In!"; 

//header("Location: index.php"); 

} 

if (isset($_POST['login'])) { 

$email = mysqli_real_escape_string($con, $_POST['email']); 

$password = mysqli_real_escape_string($con, $_POST['password']); 

$result = mysqli_query($con, "SELECT * FROM users WHERE email = '" . $email . "' and password = '" . md5($password) . "'"); 
?> 
<!--<script> 
    alert("<?php echo 'Result is: '.$result; ?>"); 
</script> --> 
<?php 
$row = mysqli_fetch_array($result); 
echo $row; 

if ($row != NULL) { 

    $_SESSION['usr_id'] = $row['id']; 

    $_SESSION['usr_name'] = $row['name']; 

    // header("Location: index.php"); 

} else { 

    $errormsg = "Incorrect Email or Password!!!"; 

} 

} 

?>

這裏是我的登錄模式與形式:

<!-- The Modal --> 
    <div id="login" class="modal"> 

<!-- Modal content --> 
    <div class='js-fade fade-in is-paused'> 
     <div class="modal-content"> 
      <span class="close" data-dismiss="modal">x</span> 
       <form role="form" action="index.php" method="post" name="loginform"> 

             <fieldset> 

              <legend>Login</legend> 



              <div class="form-group"> 

               <label for="name">Email</label> 

               <input type="text" name="email" id="email" placeholder="Your Email" required class="form-control" /> 

              </div> 



              <div class="form-group"> 

               <label for="name">Password</label> 

               <input type="password" name="password" id="password" placeholder="Your Password" required class="form-control" /> 

              </div> 


              <div class="form-group"> 

               <input type="submit" name="login" value="login" class="btn btn-info login" role="button" /> 

              </div> 

             </fieldset> 
              <div class="signupbtn"> 
               <li><a href="signup/index.php" class="noaccount btn btn-info" id="signupbtn">Don't have an account? Sign Up here.</a></li> 
              </div> 
            </form> 
     </div> 

    </div> 
</div>

導航欄:

<!-- Nav Bar --> 
<nav class="navbar navbar-default navbar-fixed-top navbar-left"> 
    <div class="container"> 
     <div class="navbar-header"> 
      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> 
       <span class="icon-bar"></span> 
       <span class="icon-bar"></span> 
       <span class="icon-bar"></span> 
      </button> 
       <a class="navbar-brand brand" href="#" style="font-family: Warnes">Unleasht</a> 
     </div> 
    <div class="collapse navbar-collapse"> 
     <ul class="nav navbar-nav"> 
      <li class="navbarli"><a href="#" class="navbarli">HOME</a></li> 
      <li class="navbarli"><a href="#about" class="navbarli">ABOUT</a></li> 
      <li class="navbarli"><a href="#music" class="navbarli" data-toggle="collapse" data-target=".navbar-collapse.in">MUSIC</a></li> 
      <li class="navbarli"><a href="#contact" class="navbarli" data-toggle="collapse" data-target=".navbar-collapse.in">CONTACT</a></li> 
     </ul> 
     <ul class="nav navbar-nav navbar-right"> 

      <?php 
      function loggedIn(){ 
      if(isset($_SESSION['usr_id'])) 
      { echo '<li class="dropdown"> 
        <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">'. $_SESSION['user'] .'<span class="caret"></span></a> 
        <ul class="dropdown-menu"> 
         <li><a href="#">'. $_SESSION['usr_name'] .'</a></li> 
         <li><a href="#">Account</a></li> 
         <li role="separator" class="divider"></li> 
         <li><a action="login/logout.php">Logout</a></li> 
        </ul> 
       </li>'; 
      }else{ 
       unset($_SESSION['usr_id']); 
       echo '<li><a href="#login" class="navbarli" data-toggle="modal" data-target="#login" id="loginbtn"><span class="glyphicon glyphicon-log-in navbarli"></span> Login</a></li>'; 
       } 
      } 
      loggedIn(); 
      ?> 

     </ul> 
    </div><!--/.nav-collapse --> 
    </div> 
</nav>

我在做什麼錯?

來源

2016-05-17 Luke Foster

+0

是的,我知道,MD5是不使用的,因爲密碼是好事安全。現在,我只是試圖讓登錄工作,然後我會從md5切換到其他的。 –

+0

你真的不應該使用[MD5密碼哈希](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure),你真的應該使用PHP的[內置函數](http: //jayblanchard.net/proper_password_hashing_with_PHP.html)來處理密碼安全性。確保你[不要逃避密碼](http://stackoverflow.com/q/36628418/1011527)或在哈希之前使用其他任何清理機制。這樣做*更改密碼並導致不必要的附加編碼。 –

+0

[Little Bobby](http://bobby-tables.com/)說[你的腳本存在SQL注入攻擊的風險。](http://stackoverflow.com/questions/60174/how-can-i-prevent -sql -injection-in-php)瞭解[MySQLi]的[prepared](http://en.wikipedia.org/wiki/Prepared_statement)語句(http://php.net/manual/en/mysqli.quickstart .prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –

回答

0

您不能設置$ _SESSION [「usr_id」]你所發送的報頭之後,嘗試下面的代碼:

<?php 
session_start(); 
include_once 'dbconnect.php'; 
if(isset($_SESSION['usr_id'])) { 
    echo "Successfully Logged In!"; 
}elseif (isset($_POST['login'])) { 
    $email = mysqli_real_escape_string($con, $_POST['email']); 
    $password = mysqli_real_escape_string($con, $_POST['password']); 
    $result = mysqli_query($con, "SELECT * FROM users WHERE email = '" . $email . "' and password = '" . md5($password) . "'"); 
    if (mysqli_num_rows($result)==1) { 
     $row = mysqli_fetch_array($result); 
     $_SESSION['usr_id'] = $row['id']; 
     $_SESSION['usr_name'] = $row['name']; 
     echo "OK fine"; 
    } else { 
     echo "Incorrect Email or Password!!!"; 
    } 
} 
?>

來源

2016-05-17 15:34:16

+0

OP爲什麼要「嘗試」這個?一個好的答案***將總是解釋所做的事情以及爲什麼這樣做,不僅是爲了OP,還是爲了將來訪問SO。 –

+0

此外,您可以隨時設置SESSION變量 - 發送標頭後,您無法啓動會話。請記住OP說:「我以前有過它,但它突然停止了。」* –

相關問題

 相關問題