1

您好,当用户输入错误的用户名或密码时,我正在做小型登录表单,它重定向到登录页面,但在我的脚本标题功能不起作用

这是 logging.php 页面

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
                    "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <script src="http://code.jquery.com/jquery-latest.js"></script>
  <script type="text/javascript" src="http://jzaefferer.github.com/jquery-validation/jquery.validate.js"></script>
<style type="text/css">
* { font-family: Verdana; font-size: 96%; }
label { width: 10em; float: left; }
label.error { float: none; color: red; padding-left: .5em; vertical-align: top; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>

</head>
<body>


 <form class="cmxform" enctype="multipart/form-data" id="commentForm" method="post" action="buy.php">
 <fieldset>
   <legend>A simple comment form with submit validation and default messages</legend>
   <p>
     <label for="cname">Name</label>
     <em>*</em><input id="name" name="name" size="25" class="required" minlength="2" />
   </p>
   <p>
     <label for="cemail">Password</label>
     <em>*</em><input id="password" type="password" name="password" size="25"  class="required" />
   </p>
   <p>&nbsp;</p>
  <p>&nbsp;</p>
   <p>
     <input class="submit" type="submit" value="login"/>
   </p>
 </fieldset>
 </form>
</body>
</html>

这是登录后的buy.php页面,它转到此页面

<?php
session_start();

$Name = $_POST['name'];
$Pass = $_POST['password'];

//STEP 1 Connect To Database
$host= "localhost";
$dbname= "register";
$user = "root";
$pass = "";

try {  
  # MySQL with PDO_MYSQL  
  $DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);  
  //$DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); 
  $STH = $DBH->query("SELECT username, password from tbl_users");
  $STH->execute();

  //STEP 2 Declare Variables

$Query = $DBH->query("SELECT * FROM tbl_users WHERE username='$Name' AND password='$Pass'");
$Query->execute();
$Query->setFetchMode(PDO::FETCH_NUM); 

$NumRows = $Query->fetch();
$_SESSION['name'] = $Name;
$_SESSION['password'] = $Pass;

//STEP 3 Check to See If User Entered All Of The Information

if(empty($_SESSION['name']) || empty($_SESSION['password']))
{
die("could not connect");
}

if($Name && $Pass == "")
{
die("Please enter  a name and password!");
}

if($Name == "")
{
die("Please enter your name!" . "</br>");
}

if($Pass == "")
{
die("Please enter a password!");
echo "</br>";
}

//STEP 4 Check Username And Password With The MySQL Database

if($NumRows != 0)
{

$STH->setFetchMode(PDO::FETCH_ASSOC); 
while($Row = $STH->fetch())
{
$dname = $Row['username'];
$dpass = $Row['password'];

}

}
else
{
die("Incorrect Username or Password!");

 if( $_SESSION['name']!= $dname || $_SESSION['password'] != $dpass) 
 {
    header("location: login.php");
  } 
  else 
  {
     header("location: http://www.google.com");
  }

}

if($Name == $dname && $Pass == $dpass)
{
// If The User Makes It Here Then That Means He Logged In Successfully
echo "Hello " . $Name . "!";
}
}  

catch(PDOException $e) {  
    echo "I'm sorry, Dave. I'm afraid I can't do that.";  
    $e->getMessage(); 
} 
?>
<html>
<body>
<p>Here is where you can put information for the user to see when he logs on. (Anything inside these html tags!)</p>
</body>
</html>
4

5 回答 5

1

当您使用:

die("Incorrect Username or Password!");

它将输出文本:Incorrect Username or Password!并且在使用标题时,在调用它之前不得输出任何内容。

文档

请记住,必须在发送任何实际输出之前调用 header(),无论是通过普通 HTML 标记、文件中的空白行还是从 PHP 发送。使用 include 或 require 函数或其他文件访问函数读取代码并在调用 header() 之前输出空格或空行是一个非常常见的错误。使用单个 PHP/HTML 文件时也存在同样的问题。

编辑

实际上die是等价的,exit所以一旦你点击那行,脚本的其余部分就不会运行。所以对 header() 的调用永远不会进行。

于 2013-02-20T13:15:04.753 回答
0

die("用户名或密码错误!"); 它将输出文本:用户名或密码不正确!并且在使用标头时,您不能在调用它之前输出任何内容。因为当你使用 header 时,请记住不要使用 before header 函数

于 2013-02-20T13:22:54.177 回答
0

检查<?php标签前是否有空格,如果有,请将其删除

改变 :

if($Name && $Pass == "")

至 :

if($Name=="" && $Pass == "")

于 2013-02-20T13:17:30.560 回答
0

在使用标头之前您不能输出任何内容,它会产生标头已发送错误。当用户输入错误的用户名或密码时,使用 url 中的标志(如 ?error=true)进行重定向,并触发 javascript 代码显示登录无效的错误消息。

于 2013-02-20T13:17:48.080 回答
0

超出主题,您需要更改此行。因为您似乎是直接从帖子中获取这些变量,这并不安全。

// wrong
$Query = $DBH->query("SELECT * FROM tbl_users 
    WHERE username='$Name' AND password='$Pass'");
$Query->execute();

// true
$Query = $DBH->query("SELECT * FROM tbl_users 
    WHERE username = :username AND password = :password");
$Query->execute(array(':username' => $Name, ':password' => $Pass));

在此处查看更多详细信息:http: //php.net/manual/en/pdostatement.execute.php

于 2013-02-20T13:25:11.683 回答