0

我试图达到使用相同 php 控制器文件的登录页面和注册页面的地步。输入 site.com/?login 时,会显示登录页面(已完成),然后当用户现在提交登录页面时,我希望它显示“授予/拒绝访问”。注册页面也是如此(site.com/?registeration 进入注册页面并打印提交是否成功)。我遇到了一个问题,即在提交任一页面时,它都没有显示我期望的输出。

<?php
include $_SERVER['DOCUMENT_ROOT'] . 'includes/db_connection.php';

/*********************Registration page code***************************/
if (isset($_GET['register']))
{
    $action = 'register_form';
    include 'register.html.php';
    exit();
}

if (isset($_POST['action']) and $_POST['action'] == 'register_form') {
    $username = mysqli_real_escape_string($connection, $_POST['username']);
    $email = mysqli_real_escape_string($connection, $_POST['email']);
    $password = mysqli_real_escape_string($connection, $_POST['password']);

    $output = 'Username: ' . $username . ' Email: ' . $email . ' Password: ' . $password;

    $sql = 'INSERT INTO user (username,email,password) VALUES
            ("'. $username .'","'. $email .'","'. $password .'")';

    if (!mysqli_query($connection, $sql))
    {
        $error = 'Error registering user: ' . mysqli_error($connection);
        include 'output.html.php';
        exit();
    }

    include 'output.html.php';
    exit();
}
/*************************************************************************/

if (isset($_GET['login']))
{
    $action = 'login_form';
    include 'login.html.php';
    exit();
}

if (isset($_POST['action']) and $_POST['action'] == 'login_form' )
{
    $username = mysqli_real_escape_string($connection, $_POST['username']);
    $password = mysqli_real_escape_string($connection, $_POST['password']);

    $output = 'Username: ' . $username . ' Password: ' . $password;

    $sql = 'SELECT COUNT(*) FROM user WHERE username="'.$username.'" AND password="'.$password.'"';
    $result = mysqli_query($link, $sql);
    if (!$result)
    {
        $error = 'Error seeing if user exists in the DB.';
        include 'output.html.php';
        exit();
    }   

    $num = mysqli_num_rows($result);
if($num > 0) {
        $output .= '\nAccess Granted!';
    } else {
        $output .= '\nAccess Denied! Please register first...';
    }

    include 'output.html.php';
    exit();
}

$output = 'Database connection established.<br/>Server root: ' . $_SERVER['DOCUMENT_ROOT'];
include 'output.html.php';
?>

下面的代码是我的注册页面(登录页面很相似):

<?php include_once $_SERVER['DOCUMENT_ROOT'] .
        '/includes/helpers.inc.php'; ?>
<!DOCTYPE html>
<html>
    <head>
        <title>Registration</title>
        <!--link type="text/css" rel="stylesheet" href="stylesheet.css"/-->
    </head>
    <body>  
        <div id="content">
            <form id="registration_form" method="POST" action="?<?php htmlout($action); ?>">

                <label for="username-id">Username:</label>
                <input id="username-id" type="text" name="username" autofocus="autofocus" /><br/><br/>

                <label for="email-id">Email:</label>
                <input id="email-id" type="email" name="email" /><br/><br/>

                <label for="password1-id">Password:</label>
                <input id="password1-id" class="text-input" type="password" name="password" /><br/><br/>

                <label for="password2-id">Retype Password:</label>
                <input id="password2-id" class="text-input" type="password" name="password_repeat" /><br/><br/>

                <input type="submit" value="Register"/>
            </form>
        </div>
    </body>
</html>

output.html.php 页面只是一个回显$output 和$error 的简单页面。

关于我做错了什么的任何想法?我对 PHP 很陌生,大部分代码都遵循了使用 PHP 和 MySQL 构建您自己的数据库驱动的网站一书。

4

2 回答 2

2

action您提交表格的目标是什么?如果它包含查询字符串,您的代码将不会像您希望的那样工作:

<form method="post" action="?login">...</form>

这是因为 PHP 总是会解析查询字符串(URL 后面的所有内容?),即使请求实际上使用了POST动词。

因此,您不能依赖在request$_GET中为空POST
(你用 做这个if(isset($_GET['login']))

但是,您可以使用另一个超全局字段来获取请求方法:

if($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Form has been submitted
} else {
    // Not a POST request, proabably GET
}

文档可以在PHP.net上找到


编辑 1

此外,nick bonnet的回答也适用于此。
您不能通过或访问表单元素的action属性(也不能访问任何其他属性)。$_GET$_POST

那些仅包含已解析的查询字符串 ( $_GET) 和 - 对于POST请求 - 已解析的请求正文 ( $_POST; 由浏览器使用a 的子级namevalue属性构建form)


编辑 2

建议我如何构建这个“应用程序”(保持?xyURL 格式):

<?php

/* DB connection and bootstrapping code goes here */

if(isset($_GET['login'])) {
    if('POST' == $_SERVER['REQUEST_METHOD']) {
        // FORM HAS BEEN SUBMITTED,
        // process user input (login credentials) and display a message
    } else {
        // Assume GET or HEAD,
        // display login form
    }
}
elseif (isset($_GET['registration'])) {
    if('POST' == $_SERVER['REQUEST_METHOD']) {
        // FORM HAS BEEN SUBMITTED,
        // process user input (registration data) and display a message
    } else {
        // Assume GET or HEAD,
        // display registration form
    }
}
else {
    // No page found
    include '404.html.php';
}

?>

表单和表单提交现在共享相同的 URL(?login?registration),并通过请求方法(GETfor form,POSTfor subission)来区分。

于 2013-10-24T19:48:22.290 回答
0

因为你正在检查

   and $_POST['action'] == 'register_form') 

但实际上与

    <form id="registration_form" method="POST" action="?<?php htmlout($action); ?>">

你寄给它

    $_GET['action']

您需要添加

    <input type="hidden" name="action" value="register_form" />

或将条件更改为

   and isset($_GET['register_form'])
于 2013-10-24T19:45:58.513 回答