我想在我的代码中添加一个验证脚本。这是我的登录码和检查登录码。我想在里面添加一个验证脚本,我应该在哪个部分/代码块中添加验证脚本?
这是我的login.php
<html><head>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="signin.css" rel="stylesheet">
</head>
<body>
<div class="container" id="contain">
<form class="form-signin" role="form" action="checklogin.php" method="post">
<h2 class="form-signin-heading">Login</h2></br></br>
<div class="form-group">
<label for="">Email<span class="error">*</span></label>
<input type="text" class="form-control input-lg" name="email" placeholder="Email address" autofocus="" value=""/>
</div>
<div class="form-group">
<label for="">Password<span class="error">*</span></label>
<input type="password" class="form-control input-lg" name="password" placeholder="Password" value=""/>
</div>
<p style="text-align:right;"><a href="forgotpwd.php" style="text-decoration:none;">Forgot password?</a></p>
<label class="checkbox">
<input type="checkbox" value="remember-me"> Remember me
</label>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</div>
</body>
</html>
这是我的checklogin.php检查数据库是否存在用户
<?php
session_start();
require('connection.php');
$email = $_POST['email'];
$password = $_POST['password'];
$email = stripslashes($email);
$password = stripslashes($password);
$sql = "select * from user_info where email = '$email' and pwd = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );
$count = 0;
while ($line = mysql_fetch_assoc($result)) {
$count++;
}
if ($count == 1) {
$_SESSION['loggedIn'] = "true";
header("Location: loginSuccess.php");
} else {
$_SESSION['loggedIn'] = "false";
header("Location: loginFailed.php");
}
?>
我应该如何以及在哪里放置我的验证脚本?非常感谢!
你可以在这一节中添加你的javascript验证。
js的一个用途是,它被用作客户端验证脚本。
在提交表单之前,尝试调用一些javascript函数来验证username和password是否为空。这将减少服务器处理不需要的请求的负担。
请试试:
在你的HTML文件中,做这样的修改:
<head>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="signin.css" rel="stylesheet">
<script src="signin.js"></script>
</head>
----
<button class="btn btn-lg btn-primary btn-block" type="submit" id="btn_signin">Sign in</button>
在你的javascript文件中:
// bind click event of btn_signin for setting the account
$('#btn_signin').click(function(){
// do the validation and if success, then submit the form, otherwise return false
});
你的问题很模糊,但通常流程是这样的:
- 用户到达页面并获得空表单
- 用户填写表单并提交
- 服务器接收表单数据并验证它
3.1如果数据无效,重新显示错误的表单,并填写已提交的数据
3.2如果数据有效,继续
在代码中是这样的:
on login.php
<?php
session_start(); // pull this out of the checklogin.php file
if ($_POST['email']){
// assumed user is trying to login
// so validate data
include 'checklogin.php';
}
?>
<html><head>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="signin.css" rel="stylesheet">
</head>
<body>
<div class="container" id="contain">
<form class="form-signin" role="form" action="login.php" method="post">
<h2 class="form-signin-heading">Login</h2></br></br>
<?php if (isset($errors['login']){ echo $errors['login']; } ?>
<div class="form-group">
<?php if (isset($errors['email']){ echo $errors['email']; } ?>
<label for="">Email<span class="error">*</span></label>
<input type="text" class="form-control input-lg" name="email" placeholder="Email address" autofocus="" value="<?php echo $_POST['email']; ?>"/>
</div>
... removed for the sake of clarity ...
// note that the form submits to itself and php vars are echoed into the page if they exist
中,考虑到登录应该是安全的,有一些事情可以改进。查看php过滤器函数来验证电子邮件,检查密码长度,使用PDO代替mysql_query来避免sql注入等。但是现在让我们这样做:
if ($count == 1) {
$_SESSION['loggedIn'] = "true";
header("Location: loginSuccess.php");
} else {
$errors = array();
$errors['login'] = 'whoops... could not login'; // this var is available for the html in login.php
}