我有以下命名为admin的控制器
class Admin extends CI_Controller {
public function __construct() {
parent::__construct();
$this->load->model('admin_model');
}
public function index()
{
$this->load->library('session');
$this->load->database();
if (!$this->session->userdata('user_id') || !$this->session->userdata('user_name'))
{
header("Location: /admin/login");
}
else
{
$user_id = $this->session->userdata('user_id');
$user_name = $this->session->userdata('user_name');
if (!$this->admin_model->verify($user_id, $user_name))
header("Location: /admin/login");
}
$this->load->view('templates/header');
$this->load->view('admin/index');
$this->load->view('templates/footer');
}
public function login()
{
$this->load->view('templates/header');
$this->load->helper('form');
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() == FALSE)
{
$data['run'] = false;
}
else if (!$this->admin_model->loginverify($this->input->post('username'),
$this->input->post('password')))
{
$data['run'] = false;
}
else
{
$data['run'] = true;
}
$this->load->view('admin/login', $data);
$this->load->view('templates/footer');
}
}
我有下面的模型叫做Admin_model
class Admin_model extends CI_Model
{
public function __construct() {
parent::__construct();
$this->load->database();
}
public function verify($id, $name)
{
if (!is_numeric($id))
return false;
else
{
$query = $this->db->get_where('users', array('id'=>$id, 'username'=>$name), 1);
if ($query->result()->num_rows() === 0)
return false;
else
return true;
}
}
public function loginverify($name, $pass)
{
$pass = md5($pass);
//$query = $this->db->get_where('users', array('username'=>$name, 'passwd'=>$pass), 1);
$query = $this->db->query("SELECT * FROM users WHERE username='$name' AND passwd='$pass' LIMIT 1");
if ($query->result()->num_rows() === 0)
return false;
else
return true;
}
}
我的表单是这样的:
<?php if (!$run)
{
?>
<form method="post" action="/admin/login">
<h5>Username</h5>
<input type="text" id="username" name="username" value="" size="50" />
<h5>Password</h5>
<input type="password" id="password" name="password" value="" size="50" />
<div><input type="submit" id="submit" name ="submit" value="Login" /></div>
</form>
<?php
}else{
echo "successfully login";
}
?>
当我提交时,我得到了一个空白页面,当我在Chrome中检查网络时,我看到帖子导致了500内部服务器错误。
当我将直接查询更改为get_where时,如上述注释行所示,我得到了一个严重性8192,错误消息为mysql_escape_string(): This function is deprecated; use mysql_real_escape_string() instead.
我在这里使用手动表单,但我的CSRF设置为false。我试过使用form_open('admin/login'),但可笑的是,它变成了localhost/?admin/login和额外的?。
您的表单可能没有指向正确的url,所以我建议您更改此:
<form action="/admin/login">
<form action="<?php echo site_url('admin/login'); ?>">
然后尝试替换所有的headers() methods:
header("Location: /admin/login");
redirect(site_url('admin/login'),'',302);
真诚地说,从来没有使用header();与Codeigniter