I am trying to make a simple login page where if the username and the password are both equal to "admin" then i want to redirect to another page called "admin_page.php". I have the following code but for some reason the login works for whatever i input on username and password fields, even if there are empty. Can anyone tell me why is thats happening? Here is my code:
<body>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$user = $_POST['username'];
$pass = $_POST['psw'];
if (($user === "admin") && ($pass ==="admin")) {
header("Location: admin_page.php");
} else {
echo("error ! please enter correct data");
}
echo $user;
}
?>
<div class="bg">
<div class="a">
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" enctype='multipart/form-data'>
{{ csrf_field() }}
<input type="text" placeholder="Username" name="username">
<input type="Password" placeholder="Password" name="psw">
<button type="submit" name="submit">Login</button>
</form>
</div>
</div>
</body>
web.php
Route::get('/', function () {
return view('home');
});
Route::post('/', function () {
return view('admin');
});
Route::post('/', function () {
return view('admin_page');
});
// Route::get('/', function () {
// return view('welcome');
// });
Route::view('/home', "home"); // for controller
// Route::view('/welcome', "welcome"); // for controller
Route::view('/admin', "admin"); // for controller
Route::view('/admin_page', "admin_page"); // for controller
index.php
<?php
/**
* Laravel - A PHP Framework For Web Artisans
*
* @package Laravel
* @author Taylor Otwell <taylor@laravel.com>
*/
define('LARAVEL_START', microtime(true));
/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| our application. We just need to utilize it! We'll simply require it
| into the script here so that we don't have to worry about manual
| loading any of our classes later on. It feels great to relax.
|
*/
require __DIR__.'/../vendor/autoload.php';
/*
|--------------------------------------------------------------------------
| Turn On The Lights
|--------------------------------------------------------------------------
|
| We need to illuminate PHP development, so let us turn on the lights.
| This bootstraps the framework and gets it ready for use, then it
| will load up this application so that we can run it and send
| the responses back to the browser and delight our users.
|
*/
$app = require_once __DIR__.'/../bootstrap/app.php';
/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request
| through the kernel, and send the associated response back to
| the client's browser allowing them to enjoy the creative
| and wonderful application we have prepared for them.
|
*/
$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);
$response = $kernel->handle(
$request = Illuminate\Http\Request::capture()
);
$response->send();
$kernel->terminate($request, $response);
The problem is where you are checking for your request parameters.
Your View
<body>
<div class="bg">
@if(count($errors) > 0)
@foreach($errors as $error)
<p>{{$error}}</p>
@endforeach
@endif
<div class="a">
<form method="post" action="/" enctype='multipart/form-data'>
{{ csrf_field() }}
<input type="text" placeholder="Username" name="username">
<input type="Password" placeholder="Password" name="psw">
<button type="submit" name="submit">Login</button>
</form>
</div>
</div>
</body>
Your routes
Route::post('/', function (Request $request) {
$errors = [];
if($request->has('username') && $request->has('psw')){
if($request->input('username') === 'admin' && $request->input('psw') === 'admin'){
return redirect('/admin_page');
}
else{$errors[] = "Invalid login attempt";}
}
return view('admin', ['errors' => $errors]);
});
But this is not the way to do it this just solves your current problem. I would advise on looking into using laravel's built in authentication.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.