嗨,我目前正在工作的用户登录,那里可以有2种不同的情况,当一个人提交表单。
我想要完成的是,如果有人登录,它们要么被重定向到用户页,要么被重定向到管理页,这取决于它们的用户名位于哪个表。
我的问题是,提交表单后,浏览器显示一个空白页面,没有错误,URL是表单的php动作。
这是我的html文件
<?php
//Start session
//error_reporting = E_ALL & ~E_NOTICE;
ini_set( 'error_reporting', E_ALL & ~E_NOTICE);
session_start();
//Unset the variables stored in session
unset($_SESSION['SESS_MEMBER_ID']);
unset($_SESSION['SESS_USERNAME']);
unset($_SESSION['SESS_PASSWORD']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="css/style.css" title="" />
<link rel="stylesheet" href="css/animate.css" title="" />
<link href='http://fonts.googleapis.com/css?family=Open+Sans:400,600,700,300' rel='stylesheet' type='text/css'>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.js"> </script>
<script src="js/mouseEvents.js"></script>
<title>Grey Avenue Item Inventory Login</title>
</head>
<body>
<div id="container">
<div id="mainform" >
<div id="formcontainer" class="animated fadeInDown">
<div id="formheader">
<div class="logocont">
<a href="#"><span class="logoImg"></span></a>
<h2 class="textheader">Inventory System Log-In</h2>
</div>
</div>
<form action="login.php" method="post" id="loginform">
<div class="inputbox"> <input type="text" name="username" placeholder="Username" maxlength="12"/></div>
<div class="inputbox"> <input type="password" name="password" placeholder="Password" maxlength="12"/></div>
</form>
<div id="loginbutton">
<button type="submit" form="loginform" class="loginbutton" value="Log In">
<span class="loginbut_text">Log In</span>
</button>
<button class="regbutton" value="Register">
<span class="loginbut_text">Register</span>
</button>
</div>
<div id="errormsg">
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
</div>
</div>
</div>
</div>
</body>
</html>
和我的login.php文件
<?php
session_start();
require("connect.php");
require("lib/password.php");
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
$username = $_POST["username"];
$password = $_POST["password"];
//Input Validations
if($username == "") {
$errmsg_arr[] = "*Username missing";
$errflag = true;
}
if($password == "") {
$errmsg_arr[] = "*Password missing";
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION["ERRMSG_ARR"] = $errmsg_arr;
session_write_close();
header("location: index.php");
die();
}
if ($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM users WHERE username = ?")){
$sql->bind_param("s", $username) ;
$sql->execute();
$sql->store_result();
$result = $sql->num_rows;
$sql->bind_result($id, $username, $passwordhash, $firstName, $lastName);
$sql->fetch();
if ($result > 0){
if(password_verify($password, $passwordhash)){
session_regenerate_id();
$_SESSION["SESS_MEMBER_ID"] = $id;
$_SESSION["SESS_USERNAME"] = $username;
$_SESSION["SESS_PASSWORD"] = $password;
$_SESSION["SESS_FIRSTNAME"] = $firstName;
$_SESSION["SESS_LASTNAME"] = $lastName;
session_write_close();
header("location: inventory.php");
die();
}
else {
//Login failed
$errmsg_arr[] = "Username and Password do not match";
$errflag = true;
if($errflag) {
$_SESSION["ERRMSG_ARR"] = $errmsg_arr;
session_write_close();
header("location:index.php");
die();
}
}
}
}
else {
if($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM admin WHERE username=?")){
$sql->bind_param("s", $username);
$sql->execute();
$sql->store_result();
$result = $sql->num_rows;
$sql->bind_result($id, $username, $passwordhash, $firstName, $lastName);
$sql->fetch();
if($result > 0){
if(password_verify($password, $passwordhash)){
session_regenerate_id();
$_SESSION["SESS_MEMBER_ID"] = $id;
$_SESSION["SESS_USERNAME"] = $username;
$_SESSION["SESS_PASSWORD"] = $password;
$_SESSION["SESS_FIRSTNAME"] = $firstName;
$_SESSION["SESS_LASTNAME"] = $lastName;
session_write_close();
header("location: http://www.greyavenue.ph/shoplogin/inventoryadmin.php");
die();
}
else {
//Login failed
$errmsg_arr[] = "Username and Password do not match";
$errflag = true;
if($errflag) {
$_SESSION["ERRMSG_ARR"] = $errmsg_arr;
session_write_close();
header("location: index.php");
die();
}
}
}
else{
//Login failed
$errmsg_arr[] = "Username and Password not found";
$errflag = true;
if($errflag) {
$_SESSION["ERRMSG_ARR"] = $errmsg_arr;
session_write_close();
header("location: http://www.greyavenue.ph/shoplogin/index.php");
die();
}
}
}
}
?>
我很困惑,因为登录似乎起作用,并将浏览器重定向到页面,当我之前没有散列密码,但现在在用散列函数更改代码后,URL仍然在这个php文件。
非常感谢您花时间阅读并提前回答我的问题!谢谢!
逻辑错误:
你的代码,剥离到牛肉:
if ($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM users WHERE username = ?")){
// retrieve result
if ($result > 0){
// check result
}
}
else {
// select from admin
}
如果您有一个不适合的user/pwd元组,则$result
为0。在这个特殊的cse中,任何重定向分支都不会被击中,页面只显示为空。
需要做如下修改:
if ($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM users WHERE username = ?")){
// handle sql error
}
// retrieve result
if ($result > 0){
// check result, either logged in or error
}
// no result in users, check admin:
if ($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM admin WHERE username = ?")){
// handle sql error
}
// retrieve result
if ($result > 0){
// check result, either logged in or error
}
在您的HTML代码中进行此更改
<form action="login.php" method="post" id="loginform">
<div class="inputbox"> <input type="text" name="username" placeholder="Username" maxlength="12"/></div>
<div class="inputbox"> <input type="password" name="password" placeholder="Password" maxlength="12"/></div>
<div id="loginbutton">
<button type="submit" form="loginform" class="loginbutton" value="Log In">
<span class="loginbut_text">Log In</span>
</button>
<button class="regbutton" value="Register">
<span class="loginbut_text">Register</span>
</button>
</form>
似乎正在发生的事情是错误报告关闭(您在"html"文件中设置它,但不在login.php中),同时在您的password_verify()函数中存在问题。
你应该把那个函数也贴出来,让我们看看。
另外,如果您使用的password_verify似乎不是内置的,并且您的PHP是5.5或更高版本,您可能会尝试定义一个保留名称(password_verify)的函数,从而得到一个致命的错误,您无法看到,因为显然错误不会显示在您的服务器中。
嗨,伙计们,我已经解决了我的问题,这很简单,如果我给你们带来了麻烦,我很抱歉。
我忘记把第二个else查询语句放在第一个语句中,它检查可用的行数。
非常感谢您的见解和反馈!