只是想确保我的PHP登录页面提交了一个新的页面,其中包含我的登录ID,例如"欢迎,XX", XX为您的登录用户名。那么我应该为下面的代码做些什么呢(我在这里使用了reCapture):
<!DOCTYPE html>
<head>
<title>reCaptcha Log-in</title>
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body> <!-- the body tag is required or the CAPTCHA may not show on some browsers -->
<!-- your HTML content -->
<body>
<fieldset style="border:2px groove; border-color:blue; padding:15px 30px 15px;margin-right:5px;width:350px;height:400px">
<form method="post" action="recaptcha.php">
<p><b>User Name </b> <input type="text" name="username1" size="20px" maxlength="15"></p>
<p><b>Password </b> <input type="password" name="password1" size="20px" maxlength="15"></p>
<?php
require_once('recaptchalib.php');
$publickey = "6LfxlgcTAAAAALNywpDCYeKbH8ACc9dw6xaCZT-0"; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
<br/>
<div align="left"> <input type="submit" name="submit1" value=login></div>
</form>
<!-- more of your HTML content -->
</body>
</html>
<?php
session_start();
require_once("require_pro.php");
if($_SERVER["REQUEST_METHOD"]=="POST")
{
if(isset($_POST['submit1'])){
require_once('recaptchalib.php');
$privatekey = "6LfxlgcTAAAAACugkAYxfmc__38DtbI5MzDUHKx-";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if ((!$resp->is_valid)&&(isset($_POST['username1']))) {
// What happens when the CAPTCHA was entered incorrectly
echo "<p>Sorry, Please enter the right reCaptcha code</p>";
$error = $resp->error;
} else {
$myusername=addslashes($_POST['username1']);
$mypassword=addslashes($_POST['password1']);
$sql=" SELECT * FROM user
WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count == 1)
{ $user1=$_POST['username1'];
echo "Login Successfully";
header("location:welcome.php?=$user1");
} else if(!empty($_POST['username1'])){
echo "<p><font color='black'>Login Information wrong, please try again</font></p>";
}
}
}
}
?>
<welcome.php> :
<!DOCTYPE html>
<html>
<head>
</head>
<body> <!-- the body tag is required or the CAPTCHA may not show on some browsers -->
<!-- your HTML content -->
<body>
<fieldset style="border:2px groove; border-color:blue; padding:15px 30px 15px;margin-right:5px;width:350px;height:400px">
<?php
echo" Welcome !".??????
</body>
</html>
首先,addslashes不是防止SQL注入的正确函数。参见通过addslashes()进行SQL注入的示例?
第二,mysql_*函数已被弃用,不应在新代码中使用。请访问http://php.net/mysql_query查看大红框。使用类似PDO的参数化查询(这也将帮助您进行SQL注入)。
第三,您需要在会话中存储一些东西,以便您知道他们已登录以及他们以哪个用户身份登录。当用户成功登录时,如下所示:
$_SESSION['username'] = $_POST['username1'];
这将允许您在后续页面中使用它
因为你是通过url传递用户名,你使用$_GET['']数组,但你的代码需要一点清理。你可以这样做
if($count == 1)
{ $user1=$_POST['username1'];
echo "Login Successfully";
header("location:welcome.php?username=$user1");
}
获取用户名,执行以下命令
echo "Welcome $_GET['username']"; //make sure you clean up the variable