3

在我的登录脚本中一切正常。我在我的 div (id=login_reply) 中得到了正确的响应,并且会话开始了。但是每当我刷新页面时,login_reply 就消失了。我怎样才能保留 login_reply?谢谢!

这是php: 

if (isset($_POST['username'], $_POST['password']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(md5($_POST['password']));

    $check = mysql_query("SELECT * FROM `userbase` WHERE `user_name` = '$username'");
    if (mysql_num_rows($check) > 0)
    {
        while ($row = mysql_fetch_assoc($check))
        {
            $user_id = $row['user_id'];
            $user_name = $row['user_name'];
            $user_email = $row['user_email'];
            $user_password = $row['user_password'];

            if ($password == $user_password)
            {
                $_SESSION['user_id'] = $user_id;
                if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != '')  
                    echo "Welcome back '$user_name'!";
                else
                {
                    echo 'no';
                }

            }
            else
                echo 'no';
        }
    }
    else
        echo 'no';  
}

这是 jQuery

$(document).ready(function()
{

$('#login').click(function()
{
    var username = $('#username').val();
    var password = $('#password').val();

    $.ajax(
    {
        type: 'POST',
        url: 'php/login.php',
        data: 'username=' +username + '&password=' + password,
        success: function(data)
        {
            if (data != 'no')
            {
                $('#logform').slideUp(function()
                {
                    $('#login_reply').html(data).css('color', 'white');
                });
            }
            else                    
                $('#login_reply').html('Invalid username or password').css('color', 'red');
        }
    });
    return false;
});
});
4

3 回答 3

3

问题是 JS 只是客户端脚本语言 - 它仅在客户端浏览器上处理。

如果您想使用 AJAX 登录,可以,但是您必须将登录用户的值存储到会话(或 cookie)中。然后在每次页面加载时,您将检查该会话或 cookie 是否已设置并存在,如果存在,您将在登录后写下与 jQuery 对应的 HTML...

换句话说,您将执行以下操作:

  1. 页面加载 - 用户未登录
  2. 用户填写登录凭据并单击“登录”
  3. 您检查该用户是否存在,如果存在,则保存$_SESSION['username'](例如)
  4. 在 AJAX 中你填写$('#login_reply')
  5. 用户点击您网站中的某些链接
  6. 您检查您是否有一个值(或设置了索引)$_SESSION['username']
  7. 如果是,通过 PHP 您将填写#login_reply div,如果不是,您将显示登录表单...

希望这可以帮助...

EDIT1:您还应该以客户端浏览器上没有 JS 工作(禁用)的方式实现登录功能,因此应该考虑正常的 POST...

EDIT2:我还想指出一些一般的编程错误......

这是您添加了我的评论的代码:

if (isset($_POST['username'], $_POST['password']))
{ // <-- This is a .NET style of writing the brackets that I don't like much and I guess PHP don't like .NET either :-)
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(md5($_POST['password']));

    $check = mysql_query("SELECT * FROM `userbase` WHERE `user_name` = '$username'"); // <-- mysql_* method calls should be replaced by PDO or at least mysqli
    // Also the query could be improved
    if (mysql_num_rows($check) > 0)
    {
        while ($row = mysql_fetch_assoc($check)) // <-- why calling while when You expect ONLY one user to be found?
        {
            $user_id = $row['user_id'];
            $user_name = $row['user_name'];
            $user_email = $row['user_email'];
            $user_password = $row['user_password']; // <-- What are these last 4 lines good for? This is useless...

            if ($password == $user_password) // <-- this condition SHOULD be within the SQL query...
            {
                $_SESSION['user_id'] = $user_id;
                if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != '')  // <-- this condition is useless as You have just set the session variable... 
                // ALSO, if You use brackets with else it is good to use brackets also with if
                    echo "Welcome back '$user_name'!";
                else
                {
                    echo 'no';
                }

            }
            else
                echo 'no';
        }
    }
    else
        echo 'no';  
}

这是我重写的代码(仍然使用 mysql_*,对此感到抱歉):

if (isset($_POST['username'], $_POST['password'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(md5($_POST['password']));

    $check = mysql_query("SELECT * FROM `userbase` WHERE `user_name` = '{$username}' AND `user_password` = '{$password}' LIMIT 1"); // <-- We check whether a user with given username AND password exists and we ONLY want to return ONE record if found...
    if ($check !== false) {
        $row = mysql_fetch_assoc($check);

         $_SESSION['user_id'] = $row['user_id'];

         echo "Welcome back '{$row['user_name']}'!";
    } else {
        echo 'no';
    }
} else
    echo 'no';
}
于 2012-05-15T08:10:57.567 回答
2

最简单的解决方案是使用 cookie:

在 PHP 方面,您声明并删除 cookie:

<?php
if (!isset($_COOKIE['new_one']) ) {
  setcookie('new_one', "ole", 0, "/");
  echo "logged in";
}
else {
  setcookie('new_one', null);
  echo "logged out";
}
?>

在 jQuery 客户端:

$(document).ready(function() {
  if ($.cookie("new_one") === "ole") {
    $('#login_reply').html("Show msg only when the server sets the cookie.");
  }
});
于 2012-05-15T08:16:27.467 回答
1

您需要将您的登录回复数据存储在您的服务器或会话中的某个位置;javascript 是一种客户端语言,因此在刷新之间不会保留任何获得的值。

我建议您存储结果,然后在使用 php 生成页面时检查它是否存在;如果是,请填写数据..等。

于 2012-05-15T08:01:30.483 回答