0

我刚开始学习 PHP,在让一个简单的登录页面正常工作时遇到了一些麻烦。当我第一次加载这个脚本时,文本“错误的密码/用户名”。并打印注销按钮,但不打印登录表单。为什么会发生这种情况,我将如何更改代码以使登录表单和注销按钮按预期协同工作?

<?php

if (isset($_POST['log_out'])) { // If the page was reloaded as a result of the user having clicked the logout button,
session_destroy(); // kill session.
}

session_start(); // Start a new session with

$_SESSION['user'] = 'foo'; // a static username, and
$_SESSION['pass'] = 'bar'; // a static password.
// If I insert $_SESSION['logged_in'] = 'false'; here to start things off, a blank alert box will be returned no matter from where on the page I alert() the value with JS. On the other hand, without this line the same alert will return "1" both here and further down in the script.

if (($_POST['username'] == $_SESSION['user']) && ($_POST['password'] == $_SESSION['pass'])) { // If the username and password filled in before the page reload match the static ones,
    $_SESSION['logged_in'] = true; // the user is logged in.
} else { // If there is no match ...
    echo 'Wrong password/username.';
}

include("head.php"); // HTML snippet with everything from the DOCTYPE to the opening BODY tag.

?>
            <div> // HTML interlude ...
<?php

// If the user is logged in, print out a logout button in HTML at the top of the page:

if (isset($_SESSION['logged_in']) && ($_SESSION['logged_in'] == true)) {
    echo '          <form action="index.php" method="post">';
    echo '            <input type="submit" name="log_out" value="Log out">';
    echo '          </form>';
}

?>
                <p>HTML interlude ...</p>

<?php

// If the user is not logged in, print out a login form in HTML at the bottom of the page:

if ($_SESSION['logged_in'] != true) {

    echo '            <form action="index.php" method="post">';
    echo '              <label for="username">Username</label><br>';
    echo '              <input type="text" name="username" id="username"><br>';
    echo '              <label for="password">Password</label><br>';
    echo '              <input type="text" name="password" id="password"><br>';
    echo '              <input type="submit" name="submit" id="submit" value="Log in">';
    echo '            </form>';

}

?>
            </div>
<?php include("footer.php"); ?>
4

4 回答 4

1 
if (($_POST['username'] == $_SESSION['user']) && ($_POST['password'] == $_SESSION['pass'])) { the static ones,
    $_SESSION['logged_in'] = true; // the user is logged in.
} else { 
    echo 'Wrong password/username.';
}

当页面第一次加载时,这部分会显示“错误的密码/用户名”,因为如果没有来自$_POST['username'].

将条件添加isset($_POST['username']) && isset($_POST['password'])到两个选项。像这样:

if(isset($_POST['username']) && isset($_POST['password'])){
    if (($_POST['username'] == $_SESSION['user']) && ($_POST['password'] == $_SESSION['pass'])) { the static ones,
        $_SESSION['logged_in'] = true; // the user is logged in.
    } else { 
        echo 'Wrong password/username.';
    }
}

这样,第一次加载页面时不会评估任何内容,但只有在发布凭据时才会评估。

于 2012-04-27T08:05:50.370 回答
0

您可以通过调试脚本来发现:将期望存储到变量中并打印出来,例如:

$isLoggedIn = $_SESSION['logged_in']; # Give things a name! (always useful)
echo 'isLoggedIn: ', var_dump($isLoggedIn), "\n"; # debugging
if ($isLoggedIn != true) {

    echo '            <form action="index.php" method="post">';
    echo '              <label for="username">Username</label><br>';
    echo '              <input type="text" name="username" id="username"><br>';
    echo '              <label for="password">Password</label><br>';
    echo '              <input type="text" name="password" id="password"><br>';
    echo '              <input type="submit" name="submit" id="submit" value="Log in">';
    echo '            </form>';

}
于 2012-04-27T07:59:52.007 回答
0

第一次加载页面时,除非您传递所需的帖子变量,否则您的条件检查

if (($_POST['username'] == $_SESSION['user']) && ($_POST['password'] == $_SESSION['pass']))

将失败,因此显示Wrong password/username.消息。

于 2012-04-27T08:02:57.590 回答
0

代码看起来不错,实际上对于“刚刚学习”的人来说做得很好。

鉴于代码没有明显错误(一些粗糙的边缘 - 在比较布尔值时,您应该考虑使用 '===' 而不是 '=='),那么问题可能出在会话上。

尝试...

print_r($_SESSION);

紧接在 session_start() 之后;在选择是否显示注销按钮的条件之前。

每次您将参数发布到页面以及发布错误值时,都会显示错误的用户名消息。试试这个:

if (($_POST['username'])
    && ($_POST['username'] == $_SESSION['user']) 
    && ($_POST['password'] == $_SESSION['pass'])) {

顺便说一句,会话不是存储用户名和密码的好存储库 - 它特定于当前用户。对于多用户系统,这些将存储在单独的数据库中,例如

if (($_POST['username']) && lookup($_POST['username'], $_POST['password'])) {
...
于 2012-04-27T08:07:26.127 回答