0

我有以下情况:

index.html(这是我的登录页面)

<div data-role="page" id="page_login">
<div id="wrapper_top_image">
   <div id="top_image"></div>
</div>
<div data-role="content" data-theme="b">    
    <div id="landmark-1" data-landmark-id="1">
    <form id="loginForm" onsubmit="return submitLogin();">
    <div data-role="fieldcontain" class="ui-hide-label">
        <label for="username">Username:</label>
        <input type="text" name="username" id="username" value="" placeholder="Username" />
    </div>

    <div data-role="fieldcontain" class="ui-hide-label">
        <label for="password">Password:</label>
        <input type="password" name="password" id="password" value="" placeholder="Password" />
    </div>

    <input type="submit" value="Login" id="submitButton">
    </form>
</div>      
</div>
<div data-role="footer">
    <h4>&copy; 2013 Company</h4>
    <h6>Developed by Alex</h6>
</div>

然后我的 PHP 脚本将检查所有内容 - > ps .. 我已经修复以避免注入!:

授权文件

$mysqli = new mysqli($mysql_hostname,$mysql_user, $mysql_password, $mysql_database);

// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

    $username =$_POST['username'];
    $password =$_POST['password'];

    $sql = "SELECT id, password, username FROM users WHERE username='$username' AND password='$password' LIMIT 1";
    $result = $mysqli->query($sql) or die( $mysqli->error() );
    $rowN= mysqli_num_rows($result);
    if($rowN==1){
       $response_array['status'] = 'success'; 
    } else {
       $response_array['status'] = 'error'; 
    }
    echo json_encode($response_array);

}
$mysqli->close();

最后是我的 JQuery 脚本:

function submitLogin(){ 
 jQuery.support.cors = true; 
 $.ajax({ 
     url: 'http://www.xxxx.com/mobile/auth.php',
     crossDomain: true,
     type: "post",
     data: $("#loginForm").serialize(), 
     success: function(data){
         if(data.status == 'success'){
             //alert("Granted Access!");
             $.mobile.changePage("main.html");  
         }else if(data.status == 'error'){
             alert("Authentication Invalid. Please try again!");
             navigator.app.exitApp();
             $.mobile.changePage("index.html");       
        }

     }
 }); 
};

一切正常!检查数据,如果正常,则重定向到 main.html(主页),否则应用程序会弹出一个窗口,提示身份验证错误,使用户保持在同一页面中。

这是困境:如果用户输入错误的凭据尝试再次登录,即使他/她输入了正确的凭据,他/她输入的任何凭据都将被视为无效,并且应用程序将继续返回登录页面,直到我刷新如果在设备中运行,请关闭浏览器或结束应用程序。

有谁知道可能会发生什么?

4

0 回答 0