[英]php login don't work
I'm working on a login system and I want, In case the user entered wrong username & password to return him to the login page and if its ok redirect to admin/index.php it's not working and no errors .我正在开发一个登录系统,我想要,如果用户输入了错误的用户名和密码以将他返回到登录页面,如果它可以重定向到 admin/index.php,它就无法工作并且没有错误。
Function code And the html code功能代码和html代码
if(isset($_POST['submit_form'])){
$username = mysqli_real_escape_string($_POST['username']);
$password = mysqli_real_escape_string($_POST['password']);
$query = mysqli_query("SELECT * FROM users WHERE username = '$username' AND password ='{$password'");
if($query==false){
set_message(" Your password or username are wrong ");
redirect("login.php");
}else{
redirect("admin");
}
}
The Html code Html 代码
<form class="form-inline" role="form" action="" method="post" enctype="multipart/form-data">
<div class="form-group">
<label class="form-group" for="username">username</label>
<input type="text" name="username" class="form-control" id="username" placeholder="username">
</div>
<div class="form-group">
<label class="sr-only" for="password">Password</label>
<input type="password" name="password" class="form-control" id="password" placeholder="password">
</div>
<button type="submit" name="submit_form" class="btn btn-black">
<input type="hidden" name="submit_form" value="<?php echo session_id()"/>
Login
</button>
</form>
The functions功能
function redirect($location) {
header("Location : $location");
}
function query($sql){
global $connection ;
return mysqli_query($connection, $sql);
}
function confirm($result){
global $connection;
if(!$result){
die("QUERY FAILED " . mysqli_error($connection));
}
}
function escape_string($string){
global $connection ;
return mysqli_real_escape_string($connection, $string);
}
Yes, sorry i am just getting used to this thing.是的,对不起,我只是习惯了这件事。 Thanks for pointing out the mistake.
感谢您指出错误。
//this will eliminate the BOT hitting up the forms
if(isset($_POST['submit_form']) && $_POST['submit_form']==session_id()){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$query = mysqli_query("SELECT * FROM users WHERE username = '$username' AND password ='$password'");
if($query==false){
set_message(" Your password or username are wrong ");
redirect("login.php");
}else{
redirect("admin");
}
}
And I updated the form as well.我也更新了表格。
<form class="form-inline" role="form" action="" method="post" enctype="multipart/form-data">
<div class="form-group">
<label class="form-group" for="username">username</label>
<input type="text" name="username" class="form-control" id="username" placeholder="username">
</div>
<div class="form-group">
<label class="sr-only" for="password">Password</label>
<input type="password" name="password" class="form-control" id="password" placeholder="password">
</div>
<button type="submit" name="submit_form" class="btn btn-black">
Login
</button> <input type="hidden" name="submit_form" value="<?php echo session_id()"/>
I would use sprintf when parsing up the query.我会在解析查询时使用 sprintf。 It eliminates SQL Injections.
它消除了 SQL 注入。 You can do something like this:
你可以这样做:
$query = sprintf('SELECT * FROM TABLE WHERE username = "%s" AND password = "%s"',
mysql_real_escape_string($username),
mysql_real_escape_string($password));
Hopefully this works for you.希望这对你有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.