事情如下:我创建了一个登录表单,用于检查用户是管理员还是会员然后将它们重定向到正确的页面。它运行良好。
当用户输入错误的用户并通过时,问题就开始了登录页面进入某种循环。
我做错了什么?
谢谢你的帮助login.php:
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "חלק מהנתונים שסופקו, שגויים.";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
include "config.php";
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$tbl_name="users";
//$db = mysql_select_db($tbl_name, $conn);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from $tbl_name where userpassword='$password' AND username='$username'", $conn);
$rows = mysql_num_rows($query);
$dbdata = mysql_fetch_array($query) or die(mysql_error());
if ($rows == 1) {
$flag = $dbdata['admin'];
if ($flag == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: index.php"); // Redirecting To Other Page
} elseif($flag == 0){
$_SESSION['login_user']=$username; // Initializing Session
header("location: user.php"); // Redirecting To Other Page
} else{
session_destroy();
header("location: errorlog.php");
}}
mysql_close($conn); // Closing Connection
}}
?>
<!DOCTYPE html>
<html dir="rtl" lang="he">
<head>
<title>המסלקה| כניסת סוכנים</title>
<link href="../css/adminstyle.css" rel="stylesheet" type="text/css">
<link href="login.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>ברוכים הבאים</h1>
<div id="login">
<h2>מלא טופס זה על מנת להיכנס</h2>
<form action="" method="post">
<label>שם משתמש :</label>
<input id="name" name="username" placeholder="באותיות ומספרים" type="text">
<label>סיסמה :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" התחבר ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
尝试使用exit-after-header函数,因为在重定向而不退出后,脚本将继续执行:
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "חלק מהנתונים שסופקו, שגויים.";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
include "config.php";
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$tbl_name="users";
//$db = mysql_select_db($tbl_name, $conn);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from $tbl_name where userpassword='$password' AND username='$username'", $conn);
$rows = mysql_num_rows($query);
$dbdata = mysql_fetch_array($query) or die(mysql_error());
if ($rows == 1) {
$flag = $dbdata['admin'];
if ($flag == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: index.php");exit; // Redirecting To Other Page
} elseif($flag == 0){
$_SESSION['login_user']=$username; // Initializing Session
header("location: user.php");exit; // Redirecting To Other Page
} else{
session_destroy();
header("location: errorlog.php");exit;
}}
mysql_close($conn); // Closing Connection
}}
?>
还要确保在脚本中启用了错误报告:
<?php
// Turn off error reporting
error_reporting(0);
// Report runtime errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Report all errors
error_reporting(E_ALL);
// Same as error_reporting(E_ALL);
ini_set("error_reporting", E_ALL);
// Report all errors except E_NOTICE
error_reporting(E_ALL & ~E_NOTICE);
?>
如果您的用户名/密码不正确
if ($rows == 1) {
将是错误的。您捕获了一个不正确的标志,但此if语句上没有else。
如果您希望它破坏会话并转到错误页面,请添加
session_destroy();
header("location: errorlog.php");
换成该组的其他人。否则写入$error变量,例如:
$error='username or password not recognised';
检查用户是否不存在的错误检查是错误的。如果用户不存在,则CCD_ 3返回CCD_。在您的if (row == 1)之后添加一个额外的else语句或检查是否为$rows === false并相应重定向。
所以在if之前添加这个就足够了。(插入if(row==1)之前)
if($rows === false){
session_destroy();
header("location: errorlog.php");
}