时间戳

首页 > 解决方案 > php 不会将我引导到“操作”页面

php - php 不会将我引导到“操作”页面

问题描述

我有两个页面,它们是(sigin.php,validateIn.php)用户在“登录”页面中提交的表单,然后在“validateIn”页面中得到验证。

问题是服务器没有将我重定向到“validateIn”页面,它只是重新加载当前页面“登录”。

我在表单标签中包含了 action 属性。

我尝试过使用header('Location:***.php)这些对我都不起作用的功能。

我已经包含了一些“echo”语句来了解编译器的路径。

登录.php

           <form action="validateIn.php" method="POST">
    <strong>    <label> Student Number: </strong>
        <input id="studentNumber" type="text" name="studentNumber"
        value="<?php echo isset($_POST['studentNumber']) ? $_POST['studentNumber'] : '' ?>">
    </label> <br>

    <strong>    <label> Password:   </strong>
        <input id="pass" type="password" name="pass">
    </label> <br>

    <input id="signin" type="submit" name="signin" value="Sign In" >
</form>

validateIn.php

<?php
if (isset($_POST['signin'])) { //if 1
    echo "if number 1 <br>";
    if(!empty($_POST['studentNumber']) && !empty($_POST['pass']) ){ //if 2
        echo "if number 2";
        $number = mysqli_real_escape_string($_POST['studentNumber']);
        $pass = mysqli_real_escape_string(md5($_POST['pass']));

        $sql = "SELECT * FROM students WHERE student_number=$number AND password=$pass";
        $result = mysqli_query($$conn, $sql);

        if (mysqli_num_rows($result) == 1) { //if 3
            echo "if number 3";
            header('Location:home.php');
        } else { //else 1
            echo "else number 1";
            header('Location:signin.php');
        }
    }
}
else{
    echo "else number 2";
}

标签: phphtml

解决方案

要将用户密码的散列版本添加到数据库中,半伪代码可能是:

    <form method='post'>
        <label>username:<input type='text' name='username' /></label>
        <label>studentNumber:<input type='text' name='studentNumber' /></label>
        <label>password:<input type='password' name='pass' /></label>
        <input type='submit' />
    </form>

    <?php
        if( $_SERVER['REQUEST_METHOD']=='POST' ){

            $args=array(
                'studentNumber'     =>  FILTER_SANITIZE_STRING,
                'username'          =>  FILTER_SANITIZE_STRING,
                'pass'              =>  FILTER_SANITIZE_STRING
            );
            $_POST=filter_input_array( INPUT_POST, $args );
            extract( $_POST );

            $pwdhash=password_hash( $pass, PASSWORD_DEFAULT );

            $sql='insert into `student` set `username`=? `student_number`=?, `password`=?';
            $stmt=$db->prepare( $sql );
            $stmt->bind_param('sss', $username, $studentNumber, $pwdhash );


            $stmt->execute();
        }
    ?>

如果您假设密码已作为正确格式的哈希值存储在数据库中,password_hash那么您用于验证用户凭据的方法可能如下所示:

    <form action="validateIn.php" method="POST">
        <label>
            <strong>Student Number: </strong>
            <input type="text" name="studentNumber" value="<?php echo isset( $_POST['studentNumber'] ) ? $_POST['studentNumber'] : '' ?>" />
        </label>
        <br />
        <label>
            <strong>Password:</strong>
            <input type="password" name="pass" />
        </label>
        <br />
        <input type="submit" value="Sign In" />
    </form>


if( $_SERVER['REQUEST_METHOD']=='POST' ){

    $args=array(
        'studentNumber'     =>  FILTER_SANITIZE_STRING,
        'pass'              =>  FILTER_SANITIZE_STRING
    );
    $_POST=filter_input_array( INPUT_POST, $args );
    extract( $_POST );

    if( isset( $studentNumber, $pass ) ){
        $sql='select `password` from `student` where `student_number`=?';
        $stmt=$db->prepare( $sql );
        $stmt->bind_param( 's', $studentNumber );

        $res=$stmt->execute();
        if( $res ){
            $stmt->store_result();
            $stmt->bind_result( $pwdhash );
            $stmt->fetch();
            $stmt->free_result();
            $stmt->close();

            if( $pwdhash == password_verify( $pass, $pwdhash ) ){
                /* ok - redirect accordingly */
            }else{
                /* bogus - */
            }
        }
    }
}

关于表单和 validateIn.php 脚本中使用的逻辑 - 这对我来说似乎工作正常(尽管删除了所有 db 调用) - 希望这一切都证明了一些帮助,但我会说你假设安全性是错误的在您的项目中并不重要,因为它只是一个学校练习......永远不要太早采用最佳实践'-)

<?php

    if( $_SERVER['REQUEST_METHOD']=='POST' ){
        /* POST to same page to emulate posting to validateIn.php */
        if( isset( $_POST['signin'] ) ) {

            echo "if number 1 <br>";



            if( isset( $_POST['studentNumber'], $_POST['pass'] ) && !empty( $_POST['studentNumber'] ) && !empty( $_POST['pass'] ) ){

                echo "if number 2";

            } else {

                echo 'Bogus - empty or missing fields';

            }
        } else{ 
            echo "else number 2";
        }
    }
?>
<!DOCTYPE html>
<html lang='en'>
    <head>
        <meta charset='utf-8' />
        <title></title>
    </head>
    <body>

        <form method="POST">
            <label>
                <strong>Student Number: </strong>
                <input type="text" name="studentNumber" value="<?php echo isset( $_POST['studentNumber'] ) ? $_POST['studentNumber'] : '' ?>" />
            </label>
            <br />
            <label>
                <strong>Password:</strong>
                <input type="password" name="pass" />
            </label>
            <br />
            <input type="submit" name='signin' value="Sign In" />
        </form>

    </body>
</html>

推荐阅读