PHP 点击按钮重定向
PHP redirect on button click
我是 PHP 编程新手,有一个简单的程序,其中有一个接受用户名和密码的索引页。如果用户不存在或提供了错误的凭据,那么我想再次显示带有错误消息的索引页面。这是我目前在 index.html:
上的内容
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="Bella" >
<title>Company Name - Log In</title>
<!-- Bootstrap Core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- Custom CSS -->
<link href="css/custom.css" rel="stylesheet">
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div id="fullscreen_bg" class="fullscreen_bg"/>
<div class="container">
<form class="form-signin" action="loginAction.php" method="post">
<h1 class="form-signin-heading text-muted">Log In</h1>
<input type="text" name="email" class="form-control" placeholder="Email address" required="" autofocus="">
<input type="password" name="password" class="form-control" placeholder="Password" required="">
<button class="btn btn-lg btn-primary btn-block" type="submit">
Log In
</button>
<a href="register.html" class="btn btn-md btn-warning btn-block">Register</a>
</form>
</div>
<!-- /.container -->
<!-- jQuery -->
<script src="js/jquery.js"></script>
<!-- Bootstrap Core JavaScript -->
<script src="js/bootstrap.min.js"></script>
<!-- Script to Activate the Carousel -->
<script>
$('.carousel').carousel({
interval: 5000 //changes the speed
})
</script>
</body>
</html>
我的LoginAction.php是:
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
//Set the Post results to variables
$email = $_POST("email");
$password = md5($_POST("password"));
//Get the database username, passwords, etc.
include('config.php');
// Create connection with the server
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
//Check for user
$sql = "SELECT * FROM users WHERE email=" . $email . " AND password=" . $password . "";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
mysqli_close($conn);
session_start();
$_SESSION['email'] = $row['email'];
$_SESSION['id'] = $row['id'];
$_SESSION['admin'] = true; //user is authenticated and the user is admin
header"portal.php"; //redirect to another page
}
}
else {
mysqli_close($conn);
echo "<div class='alert alert-warning'>No User Found</div>";
//header("Location: http://example.com/myOtherPage.php");
//header"portal.php"; //redirect to another page
include"index.html";
}
?>
目前显示为空白LoginAction.php
你是post个变数,不应该是下面这些吗:
$email = $_POST["email"];
$password = md5($_POST["password"]);
首先,我建议您将 session_start(); 放在所有使用会话的文件的顶部。
如果 DB 出现错误,它将抛出一个 headers 已经发送的通知,因为这将被视为 outputting before header.
您的价值观也缺少引号
$sql = "SELECT * FROM users WHERE email=" . $email . " AND password=" . $password . "";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
应该读作:
$sql = "SELECT * FROM users WHERE email= '" . $email . "' AND password= '" . $password . "'";
如果使用了错误检查,会引发语法错误。
您还过早地关闭了连接:
while($row = mysqli_fetch_assoc($result)) {
mysqli_close($conn);
^^^^^^^^^^^^^^^^^^^^
我建议您删除它(MySQL 将在查询完成后自动关闭它),或者在代码执行后移动它。
然后这些:
$email = $_POST("email");
$password = md5($_POST("password"));
那些应该是方括号。
$email = $_POST["email"];
$password = md5($_POST["password"]);
检查错误使用:
$result = mysqli_query($conn, $sql) or die(mysqli_error($conn));
关于 MD5 的旁注。
这是一种古老且不安全的散列方法。阅读以下有关它的文章:
- http://en.wikipedia.org/wiki/MD5
- https://security.stackexchange.com/questions/19906/is-md5-considered-insecure
我推荐你使用CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack。
此外,我还建议您使用 mysqli with prepared statements, or PDO with prepared statements,它们更安全。
您当前的密码对SQL injection开放。
header"portal.php";
缺少 "Location:" 和括号:
header("Location: portal.php");
根据手册:
并在每个 header 后添加 exit;。否则,您的代码将继续执行。
您的 "else" 应如下所示:
[...]
else{
mysqli_close($conn);
echo "<div class='alert alert-warning'>No User Found</div>";
header("Location: http://localhost/yourProject/index.html"); // here you have to put the correct url for your index.html
}
我是 PHP 编程新手,有一个简单的程序,其中有一个接受用户名和密码的索引页。如果用户不存在或提供了错误的凭据,那么我想再次显示带有错误消息的索引页面。这是我目前在 index.html:
上的内容<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="Bella" >
<title>Company Name - Log In</title>
<!-- Bootstrap Core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- Custom CSS -->
<link href="css/custom.css" rel="stylesheet">
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div id="fullscreen_bg" class="fullscreen_bg"/>
<div class="container">
<form class="form-signin" action="loginAction.php" method="post">
<h1 class="form-signin-heading text-muted">Log In</h1>
<input type="text" name="email" class="form-control" placeholder="Email address" required="" autofocus="">
<input type="password" name="password" class="form-control" placeholder="Password" required="">
<button class="btn btn-lg btn-primary btn-block" type="submit">
Log In
</button>
<a href="register.html" class="btn btn-md btn-warning btn-block">Register</a>
</form>
</div>
<!-- /.container -->
<!-- jQuery -->
<script src="js/jquery.js"></script>
<!-- Bootstrap Core JavaScript -->
<script src="js/bootstrap.min.js"></script>
<!-- Script to Activate the Carousel -->
<script>
$('.carousel').carousel({
interval: 5000 //changes the speed
})
</script>
</body>
</html>
我的LoginAction.php是:
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
//Set the Post results to variables
$email = $_POST("email");
$password = md5($_POST("password"));
//Get the database username, passwords, etc.
include('config.php');
// Create connection with the server
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
//Check for user
$sql = "SELECT * FROM users WHERE email=" . $email . " AND password=" . $password . "";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
mysqli_close($conn);
session_start();
$_SESSION['email'] = $row['email'];
$_SESSION['id'] = $row['id'];
$_SESSION['admin'] = true; //user is authenticated and the user is admin
header"portal.php"; //redirect to another page
}
}
else {
mysqli_close($conn);
echo "<div class='alert alert-warning'>No User Found</div>";
//header("Location: http://example.com/myOtherPage.php");
//header"portal.php"; //redirect to another page
include"index.html";
}
?>
目前显示为空白LoginAction.php
你是post个变数,不应该是下面这些吗:
$email = $_POST["email"];
$password = md5($_POST["password"]);
首先,我建议您将 session_start(); 放在所有使用会话的文件的顶部。
如果 DB 出现错误,它将抛出一个 headers 已经发送的通知,因为这将被视为 outputting before header.
您的价值观也缺少引号
$sql = "SELECT * FROM users WHERE email=" . $email . " AND password=" . $password . "";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
应该读作:
$sql = "SELECT * FROM users WHERE email= '" . $email . "' AND password= '" . $password . "'";
如果使用了错误检查,会引发语法错误。
您还过早地关闭了连接:
while($row = mysqli_fetch_assoc($result)) {
mysqli_close($conn);
^^^^^^^^^^^^^^^^^^^^
我建议您删除它(MySQL 将在查询完成后自动关闭它),或者在代码执行后移动它。
然后这些:
$email = $_POST("email");
$password = md5($_POST("password"));
那些应该是方括号。
$email = $_POST["email"];
$password = md5($_POST["password"]);
检查错误使用:
$result = mysqli_query($conn, $sql) or die(mysqli_error($conn));
关于 MD5 的旁注。
这是一种古老且不安全的散列方法。阅读以下有关它的文章:
- http://en.wikipedia.org/wiki/MD5
- https://security.stackexchange.com/questions/19906/is-md5-considered-insecure
我推荐你使用CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack。
此外,我还建议您使用 mysqli with prepared statements, or PDO with prepared statements,它们更安全。
您当前的密码对SQL injection开放。
header"portal.php";
缺少 "Location:" 和括号:
header("Location: portal.php");
根据手册:
并在每个 header 后添加 exit;。否则,您的代码将继续执行。
您的 "else" 应如下所示:
[...]
else{
mysqli_close($conn);
echo "<div class='alert alert-warning'>No User Found</div>";
header("Location: http://localhost/yourProject/index.html"); // here you have to put the correct url for your index.html
}