4

我有一个愚蠢的问题,我只是想不通。当我刷新登录页面时,密码和用户名出现在输入字段中。这是我的代码:

<?php include_once "includes/scripts.php"; ?>
<?php
session_start();
include_once ("includes/connect.php");
if (isset($_SESSION['logged_in'])) {
    header('location: admin_cms.php');
}else{
    if (isset($_POST['username'], $_POST['password'])){
        $username = $_POST['username'];
        $password = md5($_POST['password']);
        if (empty($username) or empty($password)){
            $error = '<p>NOTE: Fields are blank</p>';   
        }else{
            $query = $pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password =?");
            $query->bindValue(1, $username);
            $query->bindValue(2, $password);
            $query->execute();
            $num = $query->rowCount();
            if ($num == 1){
                $_SESSION['logged_in'] = true;
                header('location: admin_cms.php');
                exit();
            }else{
                $error = "<p>NOTE: The username or password is incorrect</p>";  
            }
        }
    }
    ?>
    <div id="login_container">
        <br><img src="images/camelhorst_logo_full.png" style="margin-top:38px;">
        <h1>LOGIN<img src="images/three_column_grid_line.png" alt="line"></h1>
        <form  acton = "admin.php" method="post" autocompleate="off">
            <label>Username:</label>
            <input type="text" name="username" placeholder="Your Username" required>
            <label>Password:</label>
            <input type="password" name="password" placeholder="Your Password" required>
            <input type="submit"  value="Login" name="submit_login">
        </form>
        <?php if (isset($error))
        {echo $error;}?>
      <p id="copyright_admin"> © CAMELHORSE CREATIVE STUDIO 2013 </p>
    </div><!--login_container-->

    <?php } ?>
</body>
</html>

请有人可以帮我解决这个问题,如果有人看到可能是安全问题的问题,请纠正我?

我打开页面或刷新时的登录屏幕

4

2 回答 2

8

在输入的末尾autocomplete="off"

例子

 <input type="password" name="password" placeholder="Your Password" required autocomplete="off">

占位符也可能正在填充它,因此您可以将其移除

 <input type="password" name="password" required autocomplete="off">

您也可以autocomplete="off"在表单标签中放置

于 2013-09-27T16:22:00.430 回答
2

默认情况下,自动完成属性设置为“on”。将其关闭将阻止您的浏览器显示可能已存储的其他值。我很确定自动完成属性在表单标签内不起作用。在要编辑的输入标签内,放

autocomplete="off"

更多信息在这里

于 2013-09-27T16:26:15.320 回答