0

我有一个登录表单(HTML -> PHP)。我输入正确的详细信息,然后重新加载页面,我必须再次输入详细信息。我按下提交,然后它又做了一次。在第三次(有时我认为是第二次)它实际上让我登录。

任何帮助将不胜感激。

这是表单 HTML:

<!-- Login Form -->
                    <form method="post" id="login-form-splash">
                    <input type="text" class="text" name="username" onfocus="if(this.value == 'Username') { this.value = ''; }" value="Username" />
                    <input type="password" name="password" class="password" onfocus="if(this.value == 'Password') { this.value = ''; }" value="Password" />
                    <input type="submit" name="submit" value="Login" class="submit" />
                    <br />
                    <a href="resetpassword.php"><span>Lost Password?</span></a>
                    <br />
                    No account yet? <a href="register.php">Register</a>.<br />
            </form>

这是实际登录的PHP:

<?php
//Check if login form was submitted.
if(isset($_POST['submit']))
{   

    //include important settings and functions.
    include($_SERVER['DOCUMENT_ROOT'] . '/includes/config.php');

    //Check if both fields were completed.
    if($_POST['username'] == '' || $_POST['password'] == '')
    {
        //Tell them whats wrong.
        echo "<script language=\"javascript\">alert('You need to complete both fields.');</script>";
    }   else
        {
            //The completed both fields.
            //Localise vars.
            $username = $_POST['username'];
            $password = $_POST['password'];

            //Protect against SQL Injection using mysql_prep function. [mysql_prep can be found in ./includes/functions.php]
            mysql_prep($username);
            mysql_prep($password);

            //MD5 Hash the password to check against hashed password in DB.
            $password = md5($password);

            //Connect to MySQL Database.
            include($_SERVER['DOCUMENT_ROOT'] . '/includes/connect.php');

            //If connection exists
            if(isset($mysql_connection))
            {
                //Run MySQL Query on DB.
                $sql = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
                $result = mysql_query($sql, $mysql_connection) or die('Cannot Execute:'. mysql_error());

                //Check if there is a match. There can only be one.
                if(mysql_num_rows($result) == 1)
                {
                    //Create session variables and set values within them.
                    $_SESSION['username'] = $username;

                    //Redirect to Members page.
                    header('Location: members.php'); 
                }   else
                    {
                        //Username and Password are not correct, or the account doesn't exist.
                        echo "<script language=\"javascript\">alert('Please check that you have entered the details correctly.');</script>";
                    }
            }   else
                {
                    //Database error.
                    echo "<script language=\"javascript\">alert('There was a database error. Please try again or contact a technician at errors@eatgamesleep.com');</script>";
                }
        }
}
?>
4

1 回答 1

0

也许你应该更换

 if(isset($mysql_connection)) {

只是

if($mysql_connection){
于 2013-03-03T10:10:16.160 回答