我是新的php和我谷歌一个简单的登录形式与源代码在它。代码是工作,但它不会重定向到我的主页,而不是留在登录页面仍然。以下是在用户输入正确凭证时负责重定向的身份验证代码:
ob_start();
session_start();
$error='';
if(isset($_POST['submit'])){
if(empty($_POST['username']) || empty($_POST['password'])){
$error="Username or Password is invalid";
}
else{
$username=$_POST['username'];
$password=$_POST['password'];
$cxn=mysql_connect("localhost","root","admin");
$username=stripslashes($username);
$password=stripslashes($password);
$username=mysql_real_escape_string($username);
$password=mysql_real_escape_string($password);
$db=mysql_select_db("hrdb",$cxn);
$query=mysql_query("select * from login where Username='$username' AND
Password='$password'",$cxn);
$rows=mysql_num_rows($query);
if($rows==1){
$_SESSION['log_user']=$username;
echo "test";
header('Location: http://localhost/HRMS/profile.php');
exit;
}else{
$error="Username or password is invalid";
}
mysql_close($cxn);
}
}
ob_end_flush();
你可以使用header()函数来发送一个新的HTTP头,但是这个头必须在任何HTML或文本之前发送给浏览器(例如,在声明之前)。
您可能希望在header
调用之后包含die
:
header("Location: http://localhost/HRMS/profile.php");
die();
我建议你使用mysqli而不是mysql和有一些小改动,请仔细检查并测试代码,它现在工作正常。
ob_start();
session_start();
$error='';
if(isset($_POST['submit'])){
if(empty($_POST['username']) || empty($_POST['password'])){
$error="Username or Password is invalid";
}
else{
$username=$_POST['username'];
$password= md5($_POST['password']);
$cxn= mysqli_connect("localhost","root","","hrdb");
$username=stripslashes($username);
$password=stripslashes($password);
$username=mysqli_real_escape_string($cxn,$username);;
$password=mysqli_real_escape_string($cxn,$password);;
$query=mysqli_query($cxn,"select * from user_mst_tbl where USER_NAME='".$username."' AND
PASS_WORD='".$password."'");
$rows=mysqli_num_rows($query);
if($rows==1){
$_SESSION['log_user']=$username;
echo "test";
header('Location: http://localhost/HRMS/profile.php');
}else{
$error="Username or password is invalid";
}
mysql_close($cxn);
}
}
ob_end_flush();
您正在接收错误:
Deprecated: mysql_connect(): mysql扩展名已弃用,将来会被删除:使用mysqli或PDO代替
因为您已经安装了XAMPP的更新版本。
您需要考虑使用预处理语句,而不是已弃用的mysql_*
API。您不需要在查询中使用每个变量之前对其进行消毒,因为预置语句会为您完成这些工作。
如果您要使用PHP的header()
函数,请确保在调用header()
之前没有任何输出。
检查你的profile.php
,如果它也有header()
调用,这将页面重定向回登录页面。
<?php
/* MAKE SURE THAT THERE ARE NO HTML/OUTPUTS ABOVE THIS CODE */
ob_start();
session_start();
$error = "";
/* ESTABLISH CONNECTION */
$con = new mysqli("localhost", "root", "admin", "hrdb");
/* CHECK CONNECTION */
if (mysqli_connect_errno()) {
printf("Connect failed: %s'n", mysqli_connect_error());
exit();
}
if(isset($_POST['submit'])){
if(empty($_POST['username']) || empty($_POST['password'])){
$error="Username or Password is invalid";
}
else{
if($stmt = $con->prepare("SELECT Username FROM login WHERE Username = ? AND Password = ?")){ /* CHECK AND PREPARE THE QUERY */
$stmt->bind_param("ss",$_POST["username"],$_POST["password"]); /* BIND THESE VARIABLES TO YOUR PREPARED QUERY; s STANDS FOR STRINGS */
$stmt->execute(); /* EXECUTE THE QUERY */
$rows = $stmt->num_rows; /* GET NUMBER OF ROWS/RESULTS */
if($rows == 1){ /* IF FOUND RESULT */
$stmt->bind_result($username); /* STORE THE RESULT TO THIS VARIABLE */
$stmt->fetch(); /* FETCH THE RESULT */
$_SESSION['log_user'] = $username; /* STORE THE RESULT TO THIS SESSION VARIABLE */
/* header('LOCATION: http://localhost/HRMS/profile.php'); REDIRECT THE PAGE TO profile.php */
?>
<meta http-equiv="refresh" content=".5; URL='profile.php'"/> <!-- REDIRECT TO profile.php IN HALF A SECOND -->
<?php
}
else {
$error="Username or password is invalid";
}
$stmt->close();
} /* END OF PREPARED STATEMENT */
} /* END OF ELSE */
} /* END OF ISSET SUBMIT */
ob_end_flush();
?>
您还应该保护存储在数据库中的密码。可以使用password_hash()