Javascript 在PHP中,当按下后退按钮时,如何停止显示警报框?
我的PHP代码工作正常,但问题是,当我按下后退按钮时,警报对话框再次出现。登录时需要“警报”对话框,该对话框工作正常。但当我按下后退按钮时,它再次显示警报框Javascript 在PHP中,当按下后退按钮时,如何停止显示警报框?,javascript,php,Javascript,Php,我的PHP代码工作正常,但问题是,当我按下后退按钮时,警报对话框再次出现。登录时需要“警报”对话框,该对话框工作正常。但当我按下后退按钮时,它再次显示警报框 <?php if($_POST){ $host = "localhost"; $user = "root"; $pass = ""; $db = "erp"; $userId = $_POST['myusername']; $password = $_POST['mypasswor
<?php
if($_POST){
$host = "localhost";
$user = "root";
$pass = "";
$db = "erp";
$userId = $_POST['myusername'];
$password = $_POST['mypassword'];
$conn = mysqli_connect($host,$user,$pass,$db);
$query = "SELECT * from user where user_id='$userId'";
$result = mysqli_query($conn,$query);
$num = mysqli_num_rows($result);
$row = mysqli_fetch_assoc($result);
if($row["user_id"]==$userId){
if($row["password"]==$password){ //when user_id and password
//match, go to check
//usertype
switch($row["user_type_id"]){
case 1: session_start();
$_SESSION['erp']='true';
header('location:acc_setting.php');
break;
case 2: session_start();
$_SESSION['erp']='true';
header('location:dashboard.php');
break;
case 3: session_start();
$_SESSION['erp']='true';
header('location:c_course.php');
break;
}
}
else{
echo '<script language="javascript">';
echo 'alert("Invalid Password")';
echo '</script>';
}
}
else{
echo '<script language="javascript">';
echo 'alert("Invalid Username")';
echo '</script>';
}
}
?>
忽略我在评论中提到的安全问题,并具体回答您随后的问题
我如何设置会话变量并将其重定向到同一页面<?php
if( $_POST ){
session_start();
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'erp';
$conn = mysqli_connect( $host, $user, $pass, $db );
$destinations=array(
1 => 'acc_setting.php',
2 => 'dashboard.php',
3 => 'c_course.php'
);
$userId = $_POST['myusername'];
$password = $_POST['mypassword'];
/*
This should be a prepared statement
-> $sql='select `password` from `users` where `user_id`=?';
-> $stmt=$conn->prepare( $sql );
-> $stmt->bind_param('s',$userid );
etc etc
The passwords should be hashed in the db using password_hash
and verified in PHP using password_verify
NEVER store plain text passwords
*/
$query = "SELECT * from user where user_id='$userId'";
$result = mysqli_query($conn,$query);
$num = mysqli_num_rows($result);
$row = mysqli_fetch_assoc($result);
if( $row['user_id']==$userId ){
/*
this should be password_verify
*/
if( $row['password']==$password ){
$_SESSION['erp']='true';
exit( header( sprintf( 'Location: %s', $destinations[ $row['user_type_id'] ] ) ) );
} else{
$_SESSION['error']='Invalid Password';
}
} else{
$_SESSION['error']='Invalid Username';
}
/*
An error must have occurred, redirect back to oiginal page
*/
exit( header( sprintf('Location: %s', $_SERVER['SCRIPT_NAME'] ) ) );
}
?>
您有比警报更令人担忧的问题要处理-看起来您正在数据库中存储纯文本密码!!此外,上述问题容易受到SQL注入的影响。为了避免您面临的问题,设置会话变量并重定向回同一页面,而不是立即调用javascript,然后测试该会话,然后调用javascriptOne另一件事:最好是简单地让用户知道用户名或密码是错误的,而不是一个或另一个,因为它可能会泄漏有关有效UsersHanks的信息,但是如何设置会话变量并将其重定向到同一页面?
<form>
<!--
various form elements
-->
<?php
if( !empty( $_SESSION['error'] ) ){
echo $_SESSION['error'];
unset( $_SESSION['error'] );
}
?>
</form>