0

我有一个表单,它有两个值,用户和提交时传递。

$_POST['submit'] = the name of the submit button is "submit"

当用户提交时,我在 php 中有以下脚本来验证:

$logins = array(
    'user1' => 'pass1',
    'user2' => 'pass2',
    'user3' => 'pass3'
);

foreach($_POST as $key => $value) {  
    $_POST[$key] = stripslashes($_POST[$key]); 

    $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key])); 
}

/******************************************************************************/
   if (isset($_POST['submit'])){

      $user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
      $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
      $report = $_POST['typereport'];

      if ($logins[$user] != $pass) {
         showForm("Wrong Username/Password");
         exit();     
      }
      else {
    if ($report == "Clinical") {
        $file = $filename;
        $contents = file($file); 
        $string = implode("<br>", $contents);
        echo "<head><title>ScoreViewer: Clinical</title></head>";
        echo "Logged in as: " . strtoupper($user) . "<br>";
        echo "<a href='log2.php'>Sign Out</a>";
        echo "<br><br>";
        echo "<pre>" . $string . "</pre>";
        echo "<br><br>";
    }
    elseif ($report == "Non-Clinical") {
        $file = $filename2;
        $contents = file($file); 
        $string = implode("<br>", $contents);
        echo "<head><title>ScoreViewer: Non-Clinical</title></head>";
        echo "Logged in as: " . strtoupper($user) . "<br>";
        echo "<a href='log2.php'>Sign Out</a>";
        echo "<br><br>";
        echo "<pre>" . $string . "</pre>";
        echo "<br><br>";
    }
      }
   } else {
      showForm();
      exit();
   }

现在会发生什么,脚本将比较输入的用户名和密码以找到匹配项。如果找到匹配项并基于它是什么类型的报告,它将显示。但是由于某种原因,只要按下提交按钮,它就会直接进入 IF 语句的临床部分。

如果我只使用没有数组的单个用户名/密码,它工作正常。如下所示:

$username = "user";
$password = "pass";

foreach($_POST as $key => $value) {  
    $_POST[$key] = stripslashes($_POST[$key]); 

    $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key])); 
}

/******************************************************************************/
   if (isset($_POST['submit'])){

      $user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
      $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
      $report = $_POST['typereport'];

      if ($user != $username && $pass != $password) { #$logins[$user] != $pass) {
         showForm("Wrong Username/Password");
         exit();     
      }
      else {
// decide what to do here if the user and pass is correct, deleted to save space
      }
   } else {
      showForm();
      exit();
   }

我如何实现我想要完成的目标?

完整的 HTML 代码:Pastbin

4

1 回答 1

2 
  if ($logins[$user] != $pass) {// there lies error one...

$user 可能不是 $logins 数组中的键,请先检查array_key_exists

然后代码显示滥用“else”...

     showForm("Wrong Username/Password");
     exit();                    // That condition exits  
  }
      else {                    // So you do not need this else and the block.

所以重新写它:

$logins = array(
    'user1' => 'pass1',
    'user2' => 'pass2',
    'user3' => 'pass3'
);

foreach($_POST as $key => $value) {  
    $_POST[$key] = stripslashes($_POST[$key]); 
    $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key])); 
}
/******************************************************************************/
if (isset($_POST['submit'])){
    $user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $report = $_POST['typereport'];
    if ((!array_key_exists($user, $logins))||($logins[$user] != $pass)) {
        showForm("Wrong Username/Password");
        exit();     
    }
    if($report == "Clinical") {
         $file = $filename;
         $contents = file($file); 
         $string = implode("<br>", $contents);
         echo "<head><title>ScoreViewer: Clinical</title></head>";
         echo "Logged in as: " . strtoupper($user) . "<br>";
         echo "<a href='log2.php'>Sign Out</a>";
         echo "<br><br>";
         echo "<pre>" . $string . "</pre>";
         echo "<br><br>";
    } 
             // No need if you only have only clinic and non clinic reports...
             // elseif ($report == "Non-Clinical") {
    else {   // now non clinic
         $file = $filename2;
         $contents = file($file); 
         $string = implode("<br>", $contents);
         echo "<head><title>ScoreViewer: Non-Clinical</title></head>";
         echo "Logged in as: " . strtoupper($user) . "<br>";
         echo "<a href='log2.php'>Sign Out</a>";
         echo "<br><br>";
         echo "<pre>" . $string . "</pre>";
         echo "<br><br>";
    }    // this block ends non clinic - clinic choices...
}        // this ends the if (isset($_POST['submit']))
else {   // and this does if !isset($_POST['submit'])
    showForm();
    exit();
}

希望这可以帮助

于 2013-03-08T22:42:44.467 回答