我刚开始学习PHP,在一个简单的登录页面工作时遇到了一些麻烦。当我第一次加载此脚本时,会打印文本"错误的密码/用户名"和注销按钮,但不打印登录表单。为什么会发生这种情况,我将如何更改代码以使登录表单和注销按钮按预期协同工作?
<?php
if (isset($_POST['log_out'])) { // If the page was reloaded as a result of the user having clicked the logout button,
session_destroy(); // kill session.
}
session_start(); // Start a new session with
$_SESSION['user'] = 'foo'; // a static username, and
$_SESSION['pass'] = 'bar'; // a static password.
// If I insert $_SESSION['logged_in'] = 'false'; here to start things off, a blank alert box will be returned no matter from where on the page I alert() the value with JS. On the other hand, without this line the same alert will return "1" both here and further down in the script.
if (($_POST['username'] == $_SESSION['user']) && ($_POST['password'] == $_SESSION['pass'])) { // If the username and password filled in before the page reload match the static ones,
$_SESSION['logged_in'] = true; // the user is logged in.
} else { // If there is no match ...
echo 'Wrong password/username.';
}
include("head.php"); // HTML snippet with everything from the DOCTYPE to the opening BODY tag.
?>
<div> // HTML interlude ...
<?php
// If the user is logged in, print out a logout button in HTML at the top of the page:
if (isset($_SESSION['logged_in']) && ($_SESSION['logged_in'] == true)) {
echo ' <form action="index.php" method="post">';
echo ' <input type="submit" name="log_out" value="Log out">';
echo ' </form>';
}
?>
<p>HTML interlude ...</p>
<?php
// If the user is not logged in, print out a login form in HTML at the bottom of the page:
if ($_SESSION['logged_in'] != true) {
echo ' <form action="index.php" method="post">';
echo ' <label for="username">Username</label><br>';
echo ' <input type="text" name="username" id="username"><br>';
echo ' <label for="password">Password</label><br>';
echo ' <input type="text" name="password" id="password"><br>';
echo ' <input type="submit" name="submit" id="submit" value="Log in">';
echo ' </form>';
}
?>
</div>
<?php include("footer.php"); ?>
if (($_POST['username'] == $_SESSION['user']) && ($_POST['password'] == $_SESSION['pass'])) { the static ones,
$_SESSION['logged_in'] = true; // the user is logged in.
} else {
echo 'Wrong password/username.';
}
当页面第一次加载时,这部分将显示"错误的密码/用户名",因为如果没有来自$_POST['username'],条件将为假。
将条件isset($_POST['username']) && isset($_POST['password'])添加到这两个选项。这样:
if(isset($_POST['username']) && isset($_POST['password'])){
if (($_POST['username'] == $_SESSION['user']) && ($_POST['password'] == $_SESSION['pass'])) { the static ones,
$_SESSION['logged_in'] = true; // the user is logged in.
} else {
echo 'Wrong password/username.';
}
}
首次加载页面时不会评估任何内容,而只会在发布凭据时进行评估。
通过调试脚本可以发现: 将期望存储到变量中并打印出来,例如:
$isLoggedIn = $_SESSION['logged_in']; # Give things a name! (always useful)
echo 'isLoggedIn: ', var_dump($isLoggedIn), "'n"; # debugging
if ($isLoggedIn != true) {
echo ' <form action="index.php" method="post">';
echo ' <label for="username">Username</label><br>';
echo ' <input type="text" name="username" id="username"><br>';
echo ' <label for="password">Password</label><br>';
echo ' <input type="text" name="password" id="password"><br>';
echo ' <input type="submit" name="submit" id="submit" value="Log in">';
echo ' </form>';
}
第一次加载页面时,除非您传递了所需的帖子变量,否则您的条件检查
if (($_POST['username'] == $_SESSION['user']) && ($_POST['password'] == $_SESSION['pass']))
将失败,因此显示Wrong password/username.消息。
代码看起来不错,实际上对于"只是学习"的人来说做得很好。
鉴于代码没有明显的问题(一些粗糙的边缘 - 在比较布尔值时,您应该考虑使用"==="而不是"=="),那么问题可能是会话。
尝试。。。
print_r($_SESSION);
紧跟在 session_start() 之后,紧接在选择是否显示注销按钮的条件之前。
每次您不将参数发布到页面以及发布错误的值时,都会显示错误的用户名消息。试试这个:
if (($_POST['username'])
&& ($_POST['username'] == $_SESSION['user'])
&& ($_POST['password'] == $_SESSION['pass'])) {
顺便说一句,会话不是存储用户名和密码的好存储库 - 它特定于当前用户。对于多用户系统,这些将存储在单独的数据库中,例如
if (($_POST['username']) && lookup($_POST['username'], $_POST['password'])) {
...