会话标头重定向无法正常工作

时间:2013-02-20 13:09:51

标签: php session

你好,当用户输入错误的用户名或密码时,我正在做小的登录表单,它会重定向到登录页面,但是我的脚本标题功能不起作用

这是loging.php页面

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
                    "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <script src="http://code.jquery.com/jquery-latest.js"></script>
  <script type="text/javascript" src="http://jzaefferer.github.com/jquery-validation/jquery.validate.js"></script>
<style type="text/css">
* { font-family: Verdana; font-size: 96%; }
label { width: 10em; float: left; }
label.error { float: none; color: red; padding-left: .5em; vertical-align: top; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>

</head>
<body>


 <form class="cmxform" enctype="multipart/form-data" id="commentForm" method="post" action="buy.php">
 <fieldset>
   <legend>A simple comment form with submit validation and default messages</legend>
   <p>
     <label for="cname">Name</label>
     <em>*</em><input id="name" name="name" size="25" class="required" minlength="2" />
   </p>
   <p>
     <label for="cemail">Password</label>
     <em>*</em><input id="password" type="password" name="password" size="25"  class="required" />
   </p>
   <p>&nbsp;</p>
  <p>&nbsp;</p>
   <p>
     <input class="submit" type="submit" value="login"/>
   </p>
 </fieldset>
 </form>
</body>
</html>

这是在登录到此页面后的buy.php页面

<?php
session_start();

$Name = $_POST['name'];
$Pass = $_POST['password'];

//STEP 1 Connect To Database
$host= "localhost";
$dbname= "register";
$user = "root";
$pass = "";

try {  
  # MySQL with PDO_MYSQL  
  $DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);  
  //$DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); 
  $STH = $DBH->query("SELECT username, password from tbl_users");
  $STH->execute();

  //STEP 2 Declare Variables

$Query = $DBH->query("SELECT * FROM tbl_users WHERE username='$Name' AND password='$Pass'");
$Query->execute();
$Query->setFetchMode(PDO::FETCH_NUM); 

$NumRows = $Query->fetch();
$_SESSION['name'] = $Name;
$_SESSION['password'] = $Pass;

//STEP 3 Check to See If User Entered All Of The Information

if(empty($_SESSION['name']) || empty($_SESSION['password']))
{
die("could not connect");
}

if($Name && $Pass == "")
{
die("Please enter  a name and password!");
}

if($Name == "")
{
die("Please enter your name!" . "</br>");
}

if($Pass == "")
{
die("Please enter a password!");
echo "</br>";
}

//STEP 4 Check Username And Password With The MySQL Database

if($NumRows != 0)
{

$STH->setFetchMode(PDO::FETCH_ASSOC); 
while($Row = $STH->fetch())
{
$dname = $Row['username'];
$dpass = $Row['password'];

}

}
else
{
die("Incorrect Username or Password!");

 if( $_SESSION['name']!= $dname || $_SESSION['password'] != $dpass) 
 {
    header("location: login.php");
  } 
  else 
  {
     header("location: http://www.google.com");
  }

}

if($Name == $dname && $Pass == $dpass)
{
// If The User Makes It Here Then That Means He Logged In Successfully
echo "Hello " . $Name . "!";
}
}  

catch(PDOException $e) {  
    echo "I'm sorry, Dave. I'm afraid I can't do that.";  
    $e->getMessage(); 
} 
?>
<html>
<body>
<p>Here is where you can put information for the user to see when he logs on. (Anything inside these html tags!)</p>
</body>
</html>

5 个答案:

答案 0 :(得分:1)

使用时:

die("Incorrect Username or Password!");

它将输出文本:Incorrect Username or Password!,当使用标题时,在调用之前不得输出任何内容。

来自doc

  

请记住,在发送任何实际输出之前,必须通过普通HTML标记,文件中的空行或PHP来调用header()。使用include或require,函数或其他文件访问函数读取代码是一个非常常见的错误,并且在调用header()之前输出空格或空行。使用单个PHP / HTML文件时存在同样的问题。

修改

实际上dieexit等效,因此一旦您点击该行,其余的脚本就不会运行。所以对header()的调用永远不会发生。

答案 1 :(得分:0)

检查<?php标记之前的空格,如果有,请将其删除

更改:

if($Name && $Pass == "")

到:

if($Name=="" && $Pass == "")

答案 2 :(得分:0)

在使用标题之前不能输出任何内容,它会产生标题已发送错误。 当用户输入错误的用户名或密码时,使用URL中的标记重定向,如?error = true,并触发一个javascript代码,显示登录无效的错误消息。

答案 3 :(得分:0)

死(“用户名或密码不正确!”); 它将输出文本:不正确的用户名或密码!当使用标题时,在调用之前不得输出任何内容。 因为当你使用标题时总是记得不要在标题函数之前使用

答案 4 :(得分:0)

超出主题,您需要更改此行。因为您似乎直接从帖子中获取这些变量,这不安全。

// wrong
$Query = $DBH->query("SELECT * FROM tbl_users 
    WHERE username='$Name' AND password='$Pass'");
$Query->execute();

// true
$Query = $DBH->query("SELECT * FROM tbl_users 
    WHERE username = :username AND password = :password");
$Query->execute(array(':username' => $Name, ':password' => $Pass));

有关详细信息,请参阅此处:http://php.net/manual/en/pdostatement.execute.php

相关问题
最新问题