0

I am trying to right a simple login script. When I execute the "checklogin.php" script (upon being called by the login form) - nothing happens. I stay on index.php, and I still see the form (which should have been removed by some jquery). If I open firebug I see this:

POST http://localhost/~Eamon/checklogin.php 200 OK 2ms  jquery.js (line 8724)
GET http://localhost/~Eamon/templates/login_success.php 302 Found 1ms   jquery.js (line 8724)
GET http://localhost/~Eamon/index.php 200 OK 1ms    
GET http://localhost/~Eamon/reqscripts/jquery.js?_=1371173056318 200 OK 1ms jquery.js (line 8724)
GET http://localhost/~Eamon/js/application.js?_=1371173056319 200 OK 0

There aren't any errors - but I'm wondering if all those "GET" requests are correct. Should any of them be "POST"?

Here is my code:

index.php

<!DOCTYPE html>
<html>
<head>
<title>it IT</title>
<script src="reqscripts/jquery.js"></script>
<script src="js/application.js"></script>
</head>
<body>
<form id="login" method="post" action="checklogin.php">
    <h1>Member Login</h1>
    <p>Username:<input name="myusername" type="text" id="myusername"></p>
    <p>Password:<input name="mypassword" type="password" id="mypassword"></p>
    <input type="submit" name="Submit" value="Login">
</form>
</body>
</html>

checklogin.php

<?php

session_start();

$host="localhost"; // Host name
$username="root"; // Mysql username
$password="bonjour3"; // Mysql password
$db_name="itit"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
$mysqli = new mysqli("$host", "$username", "$password", "$db_name")or die("cannot connect");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql = $mysqli->prepare("SELECT * FROM $tbl_name WHERE username=? and password=?");
$sql->bind_param('ss',$myusername,$mypassword);
$sql->execute();
$sql->store_result();//apply to prepare statement
$numRows = $sql->num_rows;

if($numRows === 1){
    $_SESSION['username'] = $myusername;
}
else {
    echo "Wrong Username or Password";
}

session_destroy();

?>

js/application.js

$(document).ready(function() {
    $("#login").submit(function(e) {  
        e.preventDefault();
        $.post("checklogin.php", $(this).serialize(), function(){
            $("#showuser").load("templates/login_success.php");
            $("#login").remove();
        });
    });
});

templates/login_success.php

<?php
session_start();

if($_SESSION['username'] === null){
    header("location: ../index.php");
}
?>

<!DOCTYPE html>
<html>
<body>
<h1>Login Successful</h1>
<h2>Username: <? echo $_SESSION['username']?></h2>
<a href = "logout.php">Log out</a>
</body>
</html>

UPDATE

Here is the source code from after an attempted log in. I will try to show why I think that $_SESSION['username'] is never being set (but why?)

<!DOCTYPE html>
<html>
<head>
<body>
<div id="showuser">
  <title>it IT</title>
  <script src="reqscripts/jquery.js">
  <script src="js/application.js">
  <form id="login" action="checklogin.php" method="post">
  <h1>Member Login</h1>
    <p>
      Username: <input id="myusername" type="text" name="myusername">
    </p>
    <p>
      Password: <input id="mypassword" type="password" name="mypassword">
    </p>
  <input type="submit" value="Login" name="Submit">
  </form>
  <form id="register" action="checkreglogin.php" method="post">
  <h1>Member Registration</h1>
    <p>
      Username: <input id="rmyusername" type="text" name="rmyusername">
    </p>
    <p>
      Password: <input id="rmypassword" type="password" name="rmypassword">
    </p>
    <p>
      Email: <input id="myemail" type="text" name="myemail">
    </p>
    <input type="submit" value="Register" name="Submit">
  </form>
  <div id="showuser"></div>
</div>
</body>
</html>

Notice how the entire page is in the division...but there is also and empty "showuser" div at the bottom. This confuses me. I think that, when checklogin.php is called by the form - something goes wrong, and the user never gets saved in $_SESSION['username']. Therefore...when login_success.php gets called - $_SESSION['username'] is set to null...and index.php (all of it) loads on $.post request...because that is what would happen when $_SESSION['username'] is null according to login_success.php. Essentially...login_success.php becomes index.php somewhere along the way. Enlighten me!

4

1 回答 1

0

想通了,感谢@fattomhk 的评论。我不得不将 checklogin.php 中的 session_destroy() 行放入 else 块中......就像这样:

...

else {
    echo "Wrong Username or Password";
    session_destroy();
}
?>

在 checklogin.php 脚本运行后会话被破坏 - 因此会话用户名从未被设置......并且 login_success.php 在加载页面之前检查用户名......如果没有用户名 - 它会加载 index.php (这就是为什么页面在登录时没有改变)。

于 2013-06-14T13:53:09.903 回答