<?php
require_once("!cache.php");
$connection = mysqli_connect ('localhost', 'twa137', 'twa137hu', 'westernhotel137');
if(!$connection) {
die("connection failed: " . mysqli_connect_error());
}
$username="";
$password="";
$usmg="";
$pasmg="";
$logincorrect = "";
if (isset($_POST["submit"])) {
// Here we only validate that username and password are not empty.
$username = $_POST["username"];
if (empty($username)) $usmg = '<span class="error"> This field is mandatory. Please enter staff ID.</span>';
$password = $_POST["password"];
if (empty($password)) $pasmg = '<span class="error"> This field is mandatory. Please enter password.</span>';
if (strlen($usmg)==0 && strlen($pasmg)==0) {
// sanitize them before passing to database
$username = mysqli_real_escape_string($connection, $username);
$password = mysqli_real_escape_string($connection, $password);
$sql = "select username, password from customers where username = '$username' and password = '$password'";
$rs = mysqli_query($connection, $sql)
or die("Error when looking up username and password" . mysqli_error($connection));
if (mysqli_num_rows($rs) > 0) {
// username and password correct
session_start();
$_SESSION["who1"] = $username;
$_SESSION["password"] = $password;
mysqli_close($connection);
$logincorrect = true;
header("location: browse.php");
}
mysqli_close($connection);
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Login</title>
<style type="text/css">
input[type="text"] {
border: 2px solid black;
}
.error {
color:red;
}
</style>
</head>
<body>
<h2>Login page </h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<p>
Admin name: <input type="text" name="username" value="<?php echo htmlspecialchars($username) ?>" />
<?php echo $usmg; ?>
</p>
<p>
Password: <input type="password" name="password" value="<?php echo htmlspecialchars($password) ?>" />
<?php echo $pasmg; ?>
</p>
<p>
<input type="submit" value="Submit" name="submit"/>
</p>
<p>
<input type="reset" value="Reset" name="reset"/>
</p>
</form>
<?php
if (isset($_POST['submit']) && !$logincorrect) {
echo "<p> <span class='error'>Login details incorrect. Please try again!</span></p>";
}
?>
</body>
</html>
重定向到一个页面,我需要检查,如果该值存在,并且如果它,它会重定向到另一个页面,但是当我尝试测试我的输入它总是显示登录信息不正确,即使该值在数据库检查是否值在数据库中存在的,如果不使用PHP
为什么'在这里输入代码'行是有这么多次.... PLZ编辑问题 –
是你的数据库密码散列或在任何文字,加密? – keziah
对不起,我这里是新的@DrManishJoshi –