0
我有一个登录表单(HTML - > PHP)。我输入正确的细节,然后重新加载页面,我必须再次输入细节。我按提交,然后再次执行。在第三次(有时我认为第二次)它实际上使我登录。登录表格需要在登录前完成若干次
任何帮助将不胜感激。
这里是HTML表单:
<!-- Login Form -->
<form method="post" id="login-form-splash">
<input type="text" class="text" name="username" onfocus="if(this.value == 'Username') { this.value = ''; }" value="Username" />
<input type="password" name="password" class="password" onfocus="if(this.value == 'Password') { this.value = ''; }" value="Password" />
<input type="submit" name="submit" value="Login" class="submit" />
<br />
<a href="resetpassword.php"><span>Lost Password?</span></a>
<br />
No account yet? <a href="register.php">Register</a>.<br />
</form>
这里是PHP实际上做的登录:
<?php
//Check if login form was submitted.
if(isset($_POST['submit']))
{
//include important settings and functions.
include($_SERVER['DOCUMENT_ROOT'] . '/includes/config.php');
//Check if both fields were completed.
if($_POST['username'] == '' || $_POST['password'] == '')
{
//Tell them whats wrong.
echo "<script language=\"javascript\">alert('You need to complete both fields.');</script>";
} else
{
//The completed both fields.
//Localise vars.
$username = $_POST['username'];
$password = $_POST['password'];
//Protect against SQL Injection using mysql_prep function. [mysql_prep can be found in ./includes/functions.php]
mysql_prep($username);
mysql_prep($password);
//MD5 Hash the password to check against hashed password in DB.
$password = md5($password);
//Connect to MySQL Database.
include($_SERVER['DOCUMENT_ROOT'] . '/includes/connect.php');
//If connection exists
if(isset($mysql_connection))
{
//Run MySQL Query on DB.
$sql = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysql_query($sql, $mysql_connection) or die('Cannot Execute:'. mysql_error());
//Check if there is a match. There can only be one.
if(mysql_num_rows($result) == 1)
{
//Create session variables and set values within them.
$_SESSION['username'] = $username;
//Redirect to Members page.
header('Location: members.php');
} else
{
//Username and Password are not correct, or the account doesn't exist.
echo "<script language=\"javascript\">alert('Please check that you have entered the details correctly.');</script>";
}
} else
{
//Database error.
echo "<script language=\"javascript\">alert('There was a database error. Please try again or contact a technician at [email protected]');</script>";
}
}
}
?>
mysql_prep是否返回任何内容/它有什么作用?你可能想在你的头后添加一个'exit;'。 – Class 2013-03-03 09:36:58
也许您在实际登录之前检查用户是否已登录?例如:“检查用户是否已登录 - >设置变量$ userIsLoggedIn = false - >处理表单请求 - >解析页面”。该错误将需要第二次页面加载才能实际识别用户登录。 – 2013-03-03 09:55:05
另一件事:会话是否正常工作?尝试在每个页面文件的开头使用session_start()。 – 2013-03-03 09:59:37