我有一个愚蠢的问题,我只是想不通。当我刷新登录页面时,密码和用户名出现在输入字段中。这是我的代码:
<?php include_once "includes/scripts.php"; ?>
<?php
session_start();
include_once ("includes/connect.php");
if (isset($_SESSION['logged_in'])) {
header('location: admin_cms.php');
}else{
if (isset($_POST['username'], $_POST['password'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
if (empty($username) or empty($password)){
$error = '<p>NOTE: Fields are blank</p>';
}else{
$query = $pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password =?");
$query->bindValue(1, $username);
$query->bindValue(2, $password);
$query->execute();
$num = $query->rowCount();
if ($num == 1){
$_SESSION['logged_in'] = true;
header('location: admin_cms.php');
exit();
}else{
$error = "<p>NOTE: The username or password is incorrect</p>";
}
}
}
?>
<div id="login_container">
<br><img src="images/camelhorst_logo_full.png" style="margin-top:38px;">
<h1>LOGIN<img src="images/three_column_grid_line.png" alt="line"></h1>
<form acton = "admin.php" method="post" autocompleate="off">
<label>Username:</label>
<input type="text" name="username" placeholder="Your Username" required>
<label>Password:</label>
<input type="password" name="password" placeholder="Your Password" required>
<input type="submit" value="Login" name="submit_login">
</form>
<?php if (isset($error))
{echo $error;}?>
<p id="copyright_admin"> © CAMELHORSE CREATIVE STUDIO 2013 </p>
</div><!--login_container-->
<?php } ?>
</body>
</html>
请有人可以帮我解决这个问题,如果有人看到可能是安全问题的问题,请纠正我?
