重定向用户正确/不正确的登录
我现在已经做了一段时间了,只是无法弄清楚我在这里做错了什么。
情景:
我正在开发一个PHP应用程序,用户可以输入他的登录凭据,并且在成功验证后,他将被重定向到他的主页。 Codewise:
index.php -> login_handler.php -> user_home.php
但是我无法在成功登录时将用户重定向到主页,在登录错误时无法将用户重定向到登录页面。我已在下面发布了相关的代码部分。
的index.php:
<div id="LoginFormWrapper">
<div class="login-block">
<h3 align="left">
<span style="font-family: 'Verdana'; color: white; font-weight: bold;font-size: 12px;margin-left: 10px;">
<?php
$queryString = http_build_query($_GET, '', '|');
echo $queryString;
if ($queryString == "status=Session+expired.Please+login%21") {
echo("Session expired.Please login!");
}
if ($queryString == "status=Login+Failed+%21") {
echo("Login failed !");
}
if ($queryString == "status=Registration+Succesful.") {
echo("Congrats ! Login to explore...");
}
?>
</span>
</h3>
<br/>
<form name="UserLogin" action="login_handler.php" method="post" class="loginform">
<p align="left"><label for="user_id">User Id :</label><input type="text" name="user_id" id="user_id" align="right"/></p>
<p align="left"><label for="password">Password :</label><input type="password" name="password" id="password" align="right" /></p>
<p align="left"><input type="submit" id="submit" value="Login"/>
<b>
<span style="font-family: 'Palatino Linotype', fantasy; color: white; font-size:14px;">Want to register ?</span>
</b>
<a href="Registration.php">
<img id="signupbutton" src="images/signup-button.png" alt="signup" width="76" height="41" longdesc="signup-button.png" />
</a>
</p>
</form>
</div>
</div>
login_handler.php:
<?php
include ("DatabaseOperations.php");
$user_id = $_POST["user_id"];
$password = $_POST["password"];
//echo $user_id;
$status = validateLogin($user_id, $password);
if (!$status) { // Redirect to Home Page with the error message printed above the login form.
header('Location: index.php?status=Login Failed !');
} else {
$mysqli = new mysqli("localhost", "root", "password", "cheque_management");
$query = "select `user_id` from `user_master` where `user_id` = '$user_id' and `password` = '$password'";
if ($result = $mysqli -> query($query)) {
while ($row = $result -> fetch_row()) {
//echo $row[0];
$status = $row[0];
}
// Code to set the sessions....
//First checks for an existing session ID number,
//If it finds one, it sets up the $_SESSION array.If not, it starts a new session by creating a new session ID number.
session_start();
// creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
$_SESSION['user_id'] = $user_id;
$_SESSION['session_id'] = session_id();
// Binding the form inputted userid value with a session variable.
$session_id = $_SESSION['session_id'];
// Explicitly generating a unique session id for the current session.
header('Location: user_home.php?status=' . $status . '&session_id=' . $session_id);
// Assigning newly generated session id to a variable.
}
//mysqli_free_result($result);
}
?>
DatabaseOperations.php:
<?php
function getConnectionLink() {
echo "Inside getConnectionLink()"."<br/>";
return mysql_connect('localhost', 'root', 'password'); // Returns a MySQL link identifier if the connection is successful or FALSE on failure.
}
function getDB() {
echo "Inside getDB()"."<br/>";
$link_host = getConnectionLink();
$con_status = mysql_select_db('cheque_management', $link_host); // Returns TRUE on success or FALSE on failure.
return $con_status;
}
function validateLogin($user_id, $password) {
echo "Inside validateLogin()"."<br/>";
$link_host = getConnectionLink();
echo "$link_host = ".$link_host; // Doesn't print anything.
$con_status = getDB();
$sql = "select * from `user_master` where `user_id` = '$user_id' and `password` = '$password'";
echo $sql; // Doesn't print anything.
$result = mysql_query($sql, $link_host);
if (!$result || mysql_num_rows($result) < 1) {
echo "Valid Login";// Invalid login
return FALSE;
} else {
echo "Valid Login"; // Valid login.
return TRUE;
}
}
?>
编辑:
MySQL服务器启动并运行,查询似乎没问题。 sandeep和123,即在登录页面上输入的内容。
任何帮助都将不胜感激。
3 个答案:
答案 0 :(得分:0)
我相信问题是你的db查询。避免在任何时候都不推荐使用现代php的mysql扩展。您可能还希望在生产中加密密码并对数据进行更多清理。
这是一个原型,您应该使用存根数据运行,直到它返回正确的结果。在您将虚拟数据与表单提交连接后。
已更新为完整的单页自提交脚本,该脚本将在成功时重定向到user_home.php。只需编辑表单操作以匹配脚本文件名。
class MySql
{
private $sDbName = 'play';
private $sUsername = 'root';
private $sPassword = '';
private $sHost = 'localhost';
private $oConnection = null;
public function __construct()
{
$this->oConnection = new PDO(
'mysql:host='
. $this->sHost
. ';dbname='
. $this->sDbName,
$this->sUsername,
$this->sPassword
);
}
public function getDb()
{
return $this->oConnection;
}
public function bindVariables( &$oStmp, $aBinds )
{
foreach( $aBinds as $sVariable => $vValue )
{
// Ensure we have a colon prepended for PDO.
if( substr( $sVariable, 0, 1 ) !== ':' )
{
$sVariable = ':' . $sVariable;
}
$oStmp->bindValue( $sVariable, $vValue );
}
}
}
session_start();
if( !empty( $_POST ) && !empty( $_POST[ 'username' ] ) && !empty( $_POST[ 'username' ] ) )
{
$oMySql = new MySql;
$oDb = $oMySql->getDb();
$sSql = "SELECT count( 1 ) FROM user_master where username = :username and password = :password";
$aBinds[ 'username' ] = $_POST[ 'username' ];
$aBinds[ 'password' ] = $_POST[ 'username' ];
$oStmp = $oDb->prepare( $sSql );
$oMySql->bindVariables( $oStmp, $aBinds );
$oStmp->execute();
$oResult = $oStmp->fetchall();
if( !empty( $oResult ) )
{
// User record exists.
$sSql = "SELECT username FROM user_master where username = :username and password = :password LIMIT 1";
$oMySql->bindVariables( $oStmp, $aBinds );
$oStmp->execute();
$oUser = $oStmp->fetch();
$_SESSION[ 'username' ] = $oUser[ 0 ];
header( 'Location: user_home.php?status=good&session_id=' . $oUser[ 0 ] );
}
else
{
// User record does not exist.
header( 'Location: index.php?status=Login Failed !' );
}
var_dump( $oResult );
}
?>
<div id="LoginFormWrapper">
<div class="login-block">
<h3 align="left">
<span style="font-family: 'Verdana'; color: white; font-weight: bold;font-size: 12px;margin-left: 10px;">
<?php
$queryString = http_build_query($_GET, '', '|');
echo $queryString;
if ($queryString == "status=Session+expired.Please+login%21") {
echo("Session expired.Please login!");
}
if ($queryString == "status=Login+Failed+%21") {
echo("Login failed !");
}
if ($queryString == "status=Registration+Succesful.") {
echo("Congrats ! Login to explore...");
}
?>
</span>
</h3>
<br/>
<form name="UserLogin" action="66.php" method="POST" class="loginform">
<p align="left"><label for="username">User Id :</label><input type="text" name="username" id="user_id" align="right"/></p>
<p align="left"><label for="password">Password :</label><input type="password" name="password" id="password" align="right" /></p>
<p align="left"><input type="submit" id="submit" value="Login"/>
<b>
<span style="font-family: 'Palatino Linotype', fantasy; color: white; font-size:14px;">Want to register ?</span>
</b>
<a href="Registration.php">
<img id="signupbutton" src="images/signup-button.png" alt="signup" width="76" height="41" longdesc="signup-button.png" />
</a>
</p>
</form>
</div>
</div>
答案 1 :(得分:0)
我认为问题出在getConnectionLink()函数
中
mysql_connect返回true或false布尔值only.true成功或失败时返回false。 它的返回资源ID#25在函数内执行此操作。
$con = mysql_connect('localhost', 'root', 'password');
if(!$con) {die("could not onnect ".mysql_error());}
return $con;
其中$ con具有真或假值。 转到此链接以了解弃用,使用,函数返回MySQL CONNECT
答案 2 :(得分:0)
问题是您在getConnectionLink()和validateLogin()功能中再次呼叫getDB()。 getConnectionLink()返回的资源在这两个函数中将有所不同。您需要将getConnectionLink()返回的相同资源#传递给getDB()函数。
请参考http://php.net/manual/en/function.mysql-select-db.php查看相同的示例。
由于 Anurag Sethi
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?