所以我有一个登录脚本,不太确定为什么它不能工作。在我的用户表中,我有以下字段:
表:用户
Field 1) ID
Field 2) Password (it is stored with crypt)
Field 3) Status (ranges from 0-2)
index.php
<?php
session_start();
unset($_SESSION['Status']);
?>
<head>
<title>Login Form</title>
<link rel="stylesheet" type="text/css" href="login.css">
<img src="logo1.jpg" style="float:left; width:490px; height:130px; margin-top: -70px;">
<!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
</head>
<body>
<section class="container">
<div class="login">
<h1>Login</h1>
<form action="process_login.php" method="POST"/>
<div class="help-tip">
<p>Enter the User ID and Password that you were given, in order to login. If you have forgotten your ID or Password, contact Admin</p>
</div>
<p><input type="number" name="ID" value="" placeholder="ID*" required autofocus></p>
<p><input type="password" name="Password" value="" placeholder="Password*" required></p>
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
</div>
process_login.php
<?php
session_start();
?>
<?php
//Connect to host site and databse
include("functions.php");
// Fetching variables
$id = $_POST['ID'];
$pw = crypt($_POST['Password']);
//Find user details from User table using the username entered and comparing the entered password with the one retrieved form the user table
$UserValidate = mysqli_query ("SELECT * FROM User WHERE ID = '$id'") or die (mysqli_error());
$row = mysqli_fetch_array($UserValidate);
$CorrectId = $row['ID'];
$CorrectPw = $row['Password'];
$UserType = $row['Status'];
//check if ID in database
if ($id == $CorrectId) {
//check if password is assigned to that username and is correct
if ($pw == $CorrectPw) {
//check if user is standard user
if ($UserType == 0) {
$_SESSION['CadetUser'] = $id;
header('http://****/calendar.php:'.$url);die();
if ($UserType == 1) {
$_SESSION['StaffUser'] = $id;
header('http://****/calendar_staff.php:'.$url);die();
if ($UserType == 2) {
$_SESSION['AdminUser'] = $id;
header('http://****/calendar_admin.php:'.$url);die();
}
}
else {
echo "Either your ID or Password is wrong";
header('http://******/index.php:'.$url);die();
}
}
}
}
?>
更新我的问题是,当我使用正确的详细信息登录时,会出现一个空白屏幕。它只是在process_login.php处停止此外,我还将重定向更改为"标题……",如建议的
对于重定向,您可以尝试
header('location:'.$url);die();
注意:删除所有的echo或print before header,并确保在php打开标签
顺便说一句,您的SQL语句容易受到SQL注入的攻击,因为您将$id直接放入语句中。使用参数和mysqli 要安全得多
这是您的代码-缩进,如您在文章中输入的:
//check if ID in database
if ($id == $CorrectId) {
//check if password is assigned to that username and is correct
if ($pw == $CorrectPw) {
//check if user is standard user
if ($UserType == 0) {
$_SESSION['CadetUser'] = $id;
header('http://****/calendar.php:'.$url);
die();
if ($UserType == 1) {
$_SESSION['StaffUser'] = $id;
header('http://****/calendar_staff.php:'.$url);
die();
// <----- missing a closing brace
if ($UserType == 2) {
$_SESSION['AdminUser'] = $id;
header('http://****/calendar_admin.php:'.$url);
die();
}
}
else {
echo "Either your ID or Password is wrong"; // you need to remove this; outputting HTML prior to sending headers will result in a PHP error
header('http://******/index.php:'.$url);
die();
}
}
}
} // <----- remove this
正如你所看到的,唯一有机会的条件是if ($UserType == 0)
。更不用说其中有一个错误的}
,它可能会导致语法错误。
您的标头中也缺少Location
,例如header('Location: url/goes/here.php');
我已经在下面重新格式化了你的代码,并修复了语法错误:
//check if ID in database
if ($id == $CorrectId && $pw == $CorrectPw) {
//check if user is standard user
if ($UserType == 0) {
$_SESSION['CadetUser'] = $id;
header('Location: http://****/calendar.php:'.$url);
die();
}
elseif ($UserType == 1) {
$_SESSION['StaffUser'] = $id;
header('Location: http://****/calendar_staff.php:'.$url);
die();
}
elseif ($UserType == 2) {
$_SESSION['AdminUser'] = $id;
header('Location: http://****/calendar_admin.php:'.$url);
die();
}
else {
header('Location: http://******/index.php:'.$url);
die();
}
}
由于if ($id == $CorrectId)
和if ($pw == $CorrectPw)
是必须满足才能继续的必要条件,因此将它们包含在一个条件中是有意义的。。为了可读性。尽可能避免嵌套条件过深。使事情变得混乱,代码难以阅读/遵循。你可以看到我把它们添加到了一个单独的条件中。
更改头函数
header('http://****/calendar.php:'.$url);
至
header('location : http://****/calendar.php:');
在标题中添加位置,如上所示