我在login.php中有一个html表单,用户在其中输入用户名和密码。然后,我用html函数validateForm()验证他们是否在两个字段中都输入了数据。如果返回true,我想调用check_user_pw.php文件,该文件使用OCI验证用户名是否有效,以及他们的密码是否已过期。如果返回true,我希望通过$str_submit提交表单进行登录。用户在表单中输入数据后,我需要运行check_user_pw.php文件,以便在数据库中查询他们输入的信息。你能告诉我如何将php文件添加到onsubmit按钮中,以便在提交表单之前执行validateForm()和check_user_pw.php吗?而且,我可以像php文件中的函数一样返回布尔值吗?还是应该使用参数传递回login.php以确定我是否提交表单?
login.php(部分代码):
<?php
<script>
function validateForm()
{
var u=document.forms["LoginForm"]["ssousername"].value;
var p=document.forms["LoginForm"]["password"].value;
var x=new Boolean(true);
if (u==null || u=="" || p==null || p=="")
{
alert("Username and password must be entered");
x=false;
}
return x;
}
</script>
<form action="<? php print($str_submit) ?>" onsubmit="return validateForm()" method="post" name="LoginForm" AutoComplete="off">
<input type='hidden' name='site2pstoretoken' value='<?php print($str_token) ?>'>
<input type='hidden' name='W_url' value='<?php print($str_submit) ?>'>
<input type='hidden' name='subscribername' value='<?php print($subscribername) ?>'>
<table id="logintab">
<tr><td><font class="standard_div">User Name:</font></td><td><input type='text' name='ssousername' size='25' maxlength='30' value=''></td>
<td><div class="notes_div">(not case sensitive)</div></td></tr>
<tr><td><div class="standard_div">Password:</div></td><td><input type='password' name='password' size='25' maxlength='30' value=''></td>
<td><div class="notes_div">(case sensitive)</div></td></tr>
</table>
</form>
<?
check_user_pw.php:
<?php
$ssousername = $_POST['ssousername'];
$ssousername = strtoupper($ssousername);
//Clear out variables
unset($g_enabled_yn, $g_msg, $g_pw_last_chg, $pw_to_exp);
$today = date('m/d/y');
$today_p10 = date('m/d/y', strtotime('+' . 10 . ' days')); //today + 10 days
$c = ocilogon("a_imps", "*******", "test");
//Check if user enabled.
$s = ociparse($c, "begin a_imps.is_portal_user_enabled(:bv2, :bv3, :bv4); end;");
ocibindbyname($s, ":bv2", $ssousername); //input bind variable
ocibindbyname($s, ":bv3", $g_enabled_yn,1); //output bind variable
ocibindbyname($s, ":bv4", $g_msg,300); //output bind variable
ociexecute($s);
//Check pw expiration.
$s = ociparse($c, "begin :bv := ods.get_last_pwchg(:bv2); end;");
ocibindbyname($s, ":bv2", $ssousername); //input bind variable
ocibindbyname($s, ":bv", $g_pw_last_chg, 8); //output bind variable
ociexecute($s);
ocilogoff($c);
$ssousername = strtoupper($ssousername);
GLOBAL $ret;
$ret = true;
if ($g_enabled_yn == "N") //If account disabled, display message.-->
{
?>
<script>
alert("<? php print($g_msg) ?>");
</script>
<script> <!--Clear history and go back to main page-->
var Backlen=history.length;
history.go(-Backlen);
window.location.href="http://imps-forms.main_page"
</script>
<?php
$ret = false;
}
else
if ($g_pw_last_chg != "" && $g_pw_last_chg != null)
{
//60 days from last chg pw date, pw will expire. Change nbr below to 60
$pw_to_exp = date('m/d/y', strtotime($g_pw_last_chg. '+' . 80 . ' days'));
if ($pw_to_exp <= $today)
{
?>
<script type="text/javascript">
alert("Your password expired on <?php echo $pw_to_exp; ?>");
</script>
<script> <!--Clear history and go back to main page-->
var Backlen=history.length;
history.go(-Backlen);
window.location.href="http://imps-forms.main_page"
</script>
<?php
$ret = false;
}
}
return $ret;
?>
阅读AJAX,也许还有JSON。有了这个,你就可以完成任务。但是你可以伪造你的Form,这样你的Javascript就不会工作了。在这种情况下,您必须在服务器端验证用户。您在这个表单中的方法似乎不正确——您还应该阅读表单中的安全性,并首先查看其他登录脚本。