你好,当用户输入错误的用户名或密码时,我正在做小的登录表单,它会重定向到登录页面,但是我的脚本标题功能不起作用
这是loging.php页面
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script src="http://code.jquery.com/jquery-latest.js"></script>
<script type="text/javascript" src="http://jzaefferer.github.com/jquery-validation/jquery.validate.js"></script>
<style type="text/css">
* { font-family: Verdana; font-size: 96%; }
label { width: 10em; float: left; }
label.error { float: none; color: red; padding-left: .5em; vertical-align: top; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
<script>
$(document).ready(function(){
$("#commentForm").validate();
});
</script>
</head>
<body>
<form class="cmxform" enctype="multipart/form-data" id="commentForm" method="post" action="buy.php">
<fieldset>
<legend>A simple comment form with submit validation and default messages</legend>
<p>
<label for="cname">Name</label>
<em>*</em><input id="name" name="name" size="25" class="required" minlength="2" />
</p>
<p>
<label for="cemail">Password</label>
<em>*</em><input id="password" type="password" name="password" size="25" class="required" />
</p>
<p> </p>
<p> </p>
<p>
<input class="submit" type="submit" value="login"/>
</p>
</fieldset>
</form>
</body>
</html>
这是在登录到此页面后的buy.php页面
<?php
session_start();
$Name = $_POST['name'];
$Pass = $_POST['password'];
//STEP 1 Connect To Database
$host= "localhost";
$dbname= "register";
$user = "root";
$pass = "";
try {
# MySQL with PDO_MYSQL
$DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
//$DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$STH = $DBH->query("SELECT username, password from tbl_users");
$STH->execute();
//STEP 2 Declare Variables
$Query = $DBH->query("SELECT * FROM tbl_users WHERE username='$Name' AND password='$Pass'");
$Query->execute();
$Query->setFetchMode(PDO::FETCH_NUM);
$NumRows = $Query->fetch();
$_SESSION['name'] = $Name;
$_SESSION['password'] = $Pass;
//STEP 3 Check to See If User Entered All Of The Information
if(empty($_SESSION['name']) || empty($_SESSION['password']))
{
die("could not connect");
}
if($Name && $Pass == "")
{
die("Please enter a name and password!");
}
if($Name == "")
{
die("Please enter your name!" . "</br>");
}
if($Pass == "")
{
die("Please enter a password!");
echo "</br>";
}
//STEP 4 Check Username And Password With The MySQL Database
if($NumRows != 0)
{
$STH->setFetchMode(PDO::FETCH_ASSOC);
while($Row = $STH->fetch())
{
$dname = $Row['username'];
$dpass = $Row['password'];
}
}
else
{
die("Incorrect Username or Password!");
if( $_SESSION['name']!= $dname || $_SESSION['password'] != $dpass)
{
header("location: login.php");
}
else
{
header("location: http://www.google.com");
}
}
if($Name == $dname && $Pass == $dpass)
{
// If The User Makes It Here Then That Means He Logged In Successfully
echo "Hello " . $Name . "!";
}
}
catch(PDOException $e) {
echo "I'm sorry, Dave. I'm afraid I can't do that.";
$e->getMessage();
}
?>
<html>
<body>
<p>Here is where you can put information for the user to see when he logs on. (Anything inside these html tags!)</p>
</body>
</html>
答案 0 :(得分:1)
使用时:
die("Incorrect Username or Password!");
它将输出文本:Incorrect Username or Password!
,当使用标题时,在调用之前不得输出任何内容。
来自doc:
请记住,在发送任何实际输出之前,必须通过普通HTML标记,文件中的空行或PHP来调用header()。使用include或require,函数或其他文件访问函数读取代码是一个非常常见的错误,并且在调用header()之前输出空格或空行。使用单个PHP / HTML文件时存在同样的问题。
修改强>
实际上die
与exit
等效,因此一旦您点击该行,其余的脚本就不会运行。所以对header()的调用永远不会发生。
答案 1 :(得分:0)
检查<?php
标记之前的空格,如果有,请将其删除
更改:
if($Name && $Pass == "")
到:
if($Name=="" && $Pass == "")
答案 2 :(得分:0)
在使用标题之前不能输出任何内容,它会产生标题已发送错误。 当用户输入错误的用户名或密码时,使用URL中的标记重定向,如?error = true,并触发一个javascript代码,显示登录无效的错误消息。
答案 3 :(得分:0)
死(“用户名或密码不正确!”); 它将输出文本:不正确的用户名或密码!当使用标题时,在调用之前不得输出任何内容。 因为当你使用标题时总是记得不要在标题函数之前使用
答案 4 :(得分:0)
超出主题,您需要更改此行。因为您似乎直接从帖子中获取这些变量,这不安全。
// wrong
$Query = $DBH->query("SELECT * FROM tbl_users
WHERE username='$Name' AND password='$Pass'");
$Query->execute();
// true
$Query = $DBH->query("SELECT * FROM tbl_users
WHERE username = :username AND password = :password");
$Query->execute(array(':username' => $Name, ':password' => $Pass));
有关详细信息,请参阅此处:http://php.net/manual/en/pdostatement.execute.php