我正在尝试使用index.html,login.js和login.php创建登录名。
索引.html
<!DOCTYPE HTML>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../css/login.css">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
<script src="../javascript/login.js" type="text/javascript"></script>
<script src="../javascript/engine.js"></script>
</head>
<body>
<form name="loginForm" autocomplete="off">
<table align=center>
<tr><td colspan=2 bgcolor=#87C9FF><center><h2>Login</h2></center></td></tr>
<tr><td><label for="username">Username:</label></td><td><input id="username" name="username" pattern="[a-zA-Z0-9]{3,3}" title="Minmimum 3 letters or numbers." required></td></tr>
<tr><td><label for="password">Password:</label></td><td><input id="password" name="password" type="password" pattern=".{8,8}" title="Minmimum 8 letters or numbers." required></td></tr>
<tr><td colspan=2><center><input type="submit" class="btn" value="Login" onClick="handleLogin(this.form)"></center></td></tr>
</table>
</form>
<br/>
<br/>
<div name="Details" class="Details" id="Details></div>
<br/>
<?php include 'footer.php'; ?>
</body>
<html>
登录.js
jQuery(document).ready(
function () {
document.getElementById('username').focus().focus();
}
);
function handleLogin(frm){
var username = document.getElementById('username').value;
var password = document.getElementById('password').value;
alert('hello');
$.ajax({
type: 'POST',
url: 'login.php',
data: {un: username, pw: password},
dataType: 'json',
cache: false,
success: function(result) {
validate = result;
alert("Goodbye");
} ,
});
}
登录.php
<?php
$username = $_POST["un"];
$password = $_POST["pw"];
$username = strtoupper($username);
$password = strtoupper($password);
$file_handle = fopen("phplog.txt", "w");
$file_contents = "Username:" . $username . "'r'nPassword:" . $password . "'r'n";
# This section will open a connection to the existing backup server and get the last ith_rid used.
# It will then store that ith_rid to be used later and then close the database connection
$mysqlconn = new mysqli('localhost','username','password', 'table');
if ($mysqlconn->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqlconn->connect_errno . ") " . $mysqlconn->connect_error;
}
$res = $mysqlconn->query("SELECT opr, password FROM us_f WHERE opr='" . $username ."' GROUP BY opr, password ORDER BY opr DESC");
if (!$res) { ##If there is an error running query, display it to the screen.
echo "Error: $mysqlconn->error 'n";
}
$num_rows = $res -> num_rows;
$file_contents .= $num_rows . "'r'n";
$file_contents .= "SELECT opr, password FROM us_f WHERE opr='" . $username ."' GROUP BY opr, password ORDER BY opr DESC'r'n";
if ($num_rows > 0){
$result = 1;
fwrite($file_handle, $file_contents);
fclose($file_handle);
echo json_encode($result);
}
if ($num_rows == 0){
$result = 0;
fwrite($file_handle, $file_contents);
fclose($file_handle);
echo json_encode($result);
}
fwrite($file_handle, $file_contents);
fclose($file_handle);
?>
我已经测试了登录.php使用 GET 而不是 POST 并通过 URL 传递变量。我知道这有效,如果有效则返回 1,如果无效,则返回 0。
我已经测试了登录.js因为当我单击登录时它会弹出"您好"。
正在发生的事情是,一旦登录.php将结果发回,我就无法获得任何结果。例如,警报框"再见"不会出现。
我无法确定登录.php是否正确返回,或者登录.js是否正确处理结果。
logintest.html:
<form action="login.php" method=POST>
Username<input type="text" name="username" /><br />
Password<input type="password" name="password"<br />
<input type="submit">
</form>
- 使用一个简单的测试表单来测试你的PHP,将javascript排除在外。
- 不要将密码转换为大写,您的有效安全性大约降低了一半。
- 不要以纯文本形式存储密码!
- 不要将未经验证的用户输入连接到 SQL 查询中。
- 考虑用户名:
BobbyTables' OR 1=1;--
- 考虑用户名:
- 不要将用户名和密码记录到文件中!
- 我不明白您的查询中的
GROUP BY
子句,您没有使用任何聚合函数。