PHP Login form refreshes page instead of redirecting

I want to create a login form for my PHP website, and I have the following code:

<?php
session_start();
require("includes/connect.php");
?>

            <div class="container">
                <form class="form-signin" role="form" action="login.php" method="post">
                    <h2 class="form-signin-heading">Please sign in</h2>
                    <input type="text" class="form-control" placeholder="Username" name="username_login" required autofocus>
                    <input class="form-control" type="password"  placeholder="Password" name="user_password" required>
                    <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                    <label class="forgotten"><a href="forgottenpass.php">Forgotten password?</a></label>
                </form>
    <?php
    //if an admin or user session is already in progress then don't let them log in, redirect to 'index.php'
    if (isset($_SESSION['admin']) && ($_SESSION['admin'] == true) || isset($_SESSION['user']) && ($_SESSION['user'] == true)) {
        header ("Location: index.php");     
        //if user not logged in then
    }else{
        //if username and password are entered, blank before user fills form
        $usr = (isset($_POST['username_login'])? $_POST['username_login']:null);
        $pwd = (isset($_POST['user_password'])? $_POST['user_password']:null);
        $usr = mysqli_escape_string($conn, $usr); //Prevent against SQL Injection by avoiding "'" being executed
        $pwd = mysqli_escape_string($conn, $pwd); //Prevent against SQL Injection by avoiding "'" being executed
        if ($usr && $pwd){  
            $epwd = $pwd;
            $q = "SELECT * FROM users WHERE UName='$usr' LIMIT 1;";
            $resultset = mysqli_query($conn,$q);
            $rowcount = mysqli_num_rows($resultset);
            if ($rowcount==1){ 
                while ($userRow = mysqli_fetch_assoc($resultset)){
                    //Get the DB username and password to compare
                    $dataBaseEmail = $userRow['UName'];
                    $dataBasePass = $userRow['Password'];   
                    $userGroup = $userRow['UserLevelID'];
                }
            mysqli_free_result($resultset);
            unset($q);
            //Compare DB user and pass to those entered
            if ($usr == $dataBaseEmail && $epwd == $dataBasePass){
                //Now that we know they are activated etc., we can create a session based on their privileges
                if ($userGroup ==1){ //ADMIN load the console 
                    header("Location: index.php");
                    $_SESSION['admin'] = true;
                }else{ //Normal User
                    header ("Location: logout.php");
                    $_SESSION['user'] = true;
                    $_SESSION['user'] = $dataBaseEmail;
                    }  
                }else{//user and pass do not match DB
                    echo '<div class="login-error">Incorrect Password, try again</div>';     
                }
            }else{
                echo '<div class="login-error">Error: There is no such user registered on the system. Please check the username and password entered.</div>';
            }
        }
    }
    ?>
            </div> <!-- /container -->

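I'm sure I had this working before, but now when you enter your username and password it just refreshes the form with no error message or anything, and I don't know why?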

The header() statement must be used before any HTML code. Source: http://pl1.php.net/manual/en/function.header.php

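Check your code again: your query goes on to break after the admin session check, because you did not add a check for whether the form was posted.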

At this line

if (isset($_SESSION['admin']) && ($_SESSION['admin'] == true) || isset($_SESSION['user']) && ($_SESSION['user'] == true)) {
    header ("Location: index.php");     
    //if user not logged in then
}else{

add another if statement after the else

if (isset($_SESSION['admin']) && ($_SESSION['admin'] == true) || isset($_SESSION['user']) && ($_SESSION['user'] == true)) {
    header ("Location: index.php");     
    //if user not logged in then
 }else
    if ( trim($_POST['username_login']) AND trim($_POST['user_password']))
    {

You must move the LOGIN code to before the HTML tags, because header() will not work after any output has been sent to the client browser.

<?php
session_start ();
require ("includes/connect.php");
            //Check for FORM POST 
            if (isset ( $_POST ['username_login'] ) && isset ( $_POST ['user_password'] )) {
                // if an admin or user session is already in progress then don't let them log in, redirect to 'index.php'
                if (isset ( $_SESSION ['admin'] ) && ($_SESSION ['admin'] == true) || isset ( $_SESSION ['user'] ) && ($_SESSION ['user'] == true)) {
                    header ( "Location: index.php" );
                    // if user not logged in then
                } else {
                    // if username and password are entered, blank before user fills form
                    $usr = (isset ( $_POST ['username_login'] ) ? $_POST ['username_login'] : null);
                    $pwd = (isset ( $_POST ['user_password'] ) ? $_POST ['user_password'] : null);
                    $usr = mysqli_escape_string ( $conn, $usr ); // Prevent against SQL Injection by avoiding "'" being executed
                    $pwd = mysqli_escape_string ( $conn, $pwd ); // Prevent against SQL Injection by avoiding "'" being executed
                    if ($usr && $pwd) {
                        $epwd = $pwd;
                        $q = "SELECT * FROM users WHERE UName='$usr' LIMIT 1;";
                        $resultset = mysqli_query ( $conn, $q );
                        $rowcount = mysqli_num_rows ( $resultset );
                        if ($rowcount == 1) {
                            while ( $userRow = mysqli_fetch_assoc ( $resultset ) ) {
                                // Get the DB username and password to compare
                                $dataBaseEmail = $userRow ['UName'];
                                $dataBasePass = $userRow ['Password'];
                                $userGroup = $userRow ['UserLevelID'];
                            }
                            mysqli_free_result ( $resultset );
                            unset ( $q );
                            // Compare DB user and pass to those entered
                            if ($usr == $dataBaseEmail && $epwd == $dataBasePass) {
                                // Now that we know they are activated etc., we can create a session based on their privileges
                                if ($userGroup == 1) { // ADMIN load the console
                                    header ( "Location: index.php" );
                                    $_SESSION ['admin'] = true;
                                } else { // Normal User
                                    header ( "Location: logout.php" );
                                    $_SESSION ['user'] = true;
                                    $_SESSION ['user'] = $dataBaseEmail;
                                }
                            } else { // user and pass do not match DB
                                echo '<div class="login-error">Incorrect Password, try again</div>';
                            }
                        } else {
                            echo '<div class="login-error">Error: There is no such user registered on the system. Please check the username and password entered.</div>';
                        }
                    }
                }
            }
            ?>
<!-- container -->
<div class="container">
<form class="form-signin" role="form" action="login.php" method="post">
    <h2 class="form-signin-heading">Please sign in</h2>
    <input type="text" class="form-control" placeholder="Username"
        name="username_login" required autofocus> 
        <input class="form-control" type="password" placeholder="Password" name="user_password" required>
        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
    <label class="forgotten">
            <a href="forgottenpass.php">Forgotten password?</a></label>
</form>
</div>
<!-- /container -->
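
A hardened form of the login handler discussed in the answers above, as an added example (not code from any of the posters): it keeps the redirect logic ahead of all output, ends the script after each header() call, binds the username in a prepared statement, and returns one error message for both failure cases. Assumptions: `$conn` comes from includes/connect.php as on the page, the `Password` column stores `password_hash()` output, both roles land on index.php, and `authenticate()` is a hypothetical helper name.

```php
<?php
// Added example, not the posters' code. Everything here runs before any HTML is sent.
session_start();
require "includes/connect.php"; // assumed to define $conn (a mysqli connection), as on the page
// Hypothetical helper: returns the user's row on success, null on any failure.
// Assumption: users.Password stores password_hash() output, not the plain password.
function authenticate(mysqli $conn, string $usr, string $pwd): ?array
{
    $stmt = mysqli_prepare($conn,
        "SELECT UName, Password, UserLevelID FROM users WHERE UName = ? LIMIT 1");
    if ($stmt === false) { return null; }
    mysqli_stmt_bind_param($stmt, "s", $usr); // value is bound, never concatenated
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name, $hash, $level);
    $found = mysqli_stmt_fetch($stmt);        // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);
    if ($found !== true || !password_verify($pwd, (string) $hash)) {
        return null;
    }
    return ['UName' => $name, 'UserLevelID' => (int) $level];
}
$error = null;
if (!empty($_SESSION['admin']) || !empty($_SESSION['user'])) {
    header("Location: index.php");
    exit; // stop so nothing below runs or is sent after the redirect
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $usr = $_POST['username_login'] ?? '';
    $pwd = $_POST['user_password'] ?? '';
    $ok = is_string($usr) && is_string($pwd) && $usr !== '' && $pwd !== '';
    $user = $ok ? authenticate($conn, $usr, $pwd) : null;
    if ($user !== null) {
        session_regenerate_id(true); // fresh session ID once the user is authenticated
        if ($user['UserLevelID'] === 1) {
            $_SESSION['admin'] = true;
        } else {
            $_SESSION['user'] = $user['UName'];
        }
        header("Location: index.php"); // assumed landing page for both roles
        exit;
    }
    $error = 'Incorrect username or password.'; // same text for unknown user and bad password
}
?>
<div class="container">
<?php if ($error !== null): ?>
    <div class="login-error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
</div>
```

Rows that still hold plain-text passwords would need to be rehashed with `password_hash()` before this check can succeed.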
".mysql_errno();}}else{echo mysql_error().
".mysql_errno ();}//echo $username."--".$password;?>
<form class="form-signin" role="form" action="login.php" method="post">
                <h2 class="form-signin-heading">Please sign in</h2>
                <input type="text" class="form-control" placeholder="Username" name="username_login">
                <input class="form-control" type="password" placeholder="password" name="user_password">
                <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                <label class="forgotten"><a href="../forgottenpass.php">Forgotten password?</a></label>
   </form>