如何编辑此PHP登录脚本的表单错误以在原始页面上输出错误?
我一直在看下面的PHP登录教程:http://www.evolt.org/node/60265 最终,我会进一步开发它的功能,但我首先要做的是一件事。我已经得到了我的测试网站上的脚本工作,我可以注册和登录成功。然而,我对错误检查感到不满,例如,如果用户未能填写必填字段,则错误“您未填写必填表单”将显示在空白网页上-我如何才能使其显示在表单的同一页面上(一旦提交)如何编辑此PHP登录脚本的表单错误以在原始页面上输出错误?,php,login-script,Php,Login Script,我一直在看下面的PHP登录教程:http://www.evolt.org/node/60265 最终,我会进一步开发它的功能,但我首先要做的是一件事。我已经得到了我的测试网站上的脚本工作,我可以注册和登录成功。然而,我对错误检查感到不满,例如,如果用户未能填写必填字段,则错误“您未填写必填表单”将显示在空白网页上-我如何才能使其显示在表单的同一页面上(一旦提交) 编辑:谢谢迈克尔,我已经根据你的回答更新了我的代码,但是我想我误解了或者在某个地方犯了错误,因为现在我的页面是空白的。我已经看了好几遍
编辑:谢谢迈克尔,我已经根据你的回答更新了我的代码,但是我想我误解了或者在某个地方犯了错误,因为现在我的页面是空白的。我已经看了好几遍了,但我还是不确定 更新的代码
<?php
session_start();
include('./templates/dbconnect.php');
global $logged_in;
/**
* Returns true if the username has been taken
* by another user, false otherwise.
*/
function usernameTaken($username){
global $con;
if(!get_magic_quotes_gpc()){
$username = addslashes($username);
}
$query = "select username from users where username = '$username'";
$result = mysql_query($query,$con);
return (mysql_numrows($result) > 0);
}
/**
* Inserts the given (username, password) pair
* into the database. Returns true on success,
* false otherwise.
*/
function addNewUser($username, $password, $firstname, $lastname, $email){
global $con;
$query = "INSERT INTO users(username, password, firstname, lastname, email) VALUES ('$username', '$password', '$firstname', '$lastname' , '$email')";
return mysql_query($query,$con) or die(mysql_error());
}
/**
* Displays the appropriate message to the user
* after the registration attempt. It displays a
* success or failure status depending on a
* session variable set during registration.
*/
function displayStatus(){
$uname = $_SESSION['reguname'];
if($_SESSION['regresult']){
?>
Registered!
Thank you <b><?php echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.
<?php
}
else{
?>
Registration Failed
We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again.
<?php
}
unset($_SESSION['reguname']);
unset($_SESSION['registered']);
unset($_SESSION['regresult']);
}
if(isset($_SESSION['registered'])){
/**
* This is the page that will be displayed after the
* registration has been attempted.
*/
?>
<html>
<head>
<title>Register</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div class="container">
<?php include('./templates/header.php'); ?>
<div class="content">
<?php displayStatus(); ?>
</div>
<div class="footer">Copyright © 2011 Richard Day.</div>
</div>
</body>
</html>
<?php
return;
}
/**
* Determines whether or not to show to sign-up form
* based on whether the form has been submitted, if it
* has, check the database for consistency and create
* the new account.
*/
if(isset($_POST['submit'])){
/* Make sure all fields were entered */
// Initialize an empty container for all the errors
$errors = "";
if(!$_POST['username'] || !$_POST['password'] || !$_POST['firstname'] || !$_POST['lastname'] || !$_POST['email']){
// die('You didn\'t fill in a required field.');
$errors .= "You didn\'t fill in a required field.<br />\n";
}
/* Spruce up username, check length */
$_POST['username'] = trim($_POST['username']);
if(strlen($_POST['username']) > 16){
//die("Sorry, the username is longer than 16 characters, please shorten it.");
$errors .= "Sorry, the username is longer than 16 characters, please shorten it.<br />\n";
}
/* Check if username is already in use */
if(usernameTaken($_POST['username'])){
$use = $_POST['username'];
$errors .="Sorry, the username: <strong>$use</strong> is already taken, please pick another one.";
//die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
}
// No previous errors, so it's safe to store the variables.
if (empty($errors)) {
/* Add the new account to the database */
$md5pass = md5($_POST['password']);
$_SESSION['reguname'] = $_POST['username'];
$_SESSION['regfirstname'] = $_POST['firstname'];
$_SESSION['reglastname'] = $_POST['lastname'];
$_SESSION['regemailname'] = $_POST['email'];
$_SESSION['regresult'] = addNewUser($_POST['username'], $md5pass, $_POST['firstname'], $_POST['lastname'], $_POST['email']);
$_SESSION['registered'] = true;
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$_SERVER[PHP_SELF]\">";
return;
}
?>
<html>
<head>
<title>Register</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div class="container">
<?php include('./templates/header.php'); ?>
<div class="content">
<?php
if (!empty($errors) || !isset($_POST['submit'])) {
// Display all the accumulated errors (if any)
echo $errors;
/**
* This is the page with the sign-up form, the names
* of the input fields are important and should not
* be changed.
*/
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" border="0" cellspacing="0" cellpadding="3">
<tr><td><b>Register</b></td></tr>
<tr><td>Username:</td><td><input type="text" name="username" maxlength="16"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="30"></td></tr>
<tr><td>First name:</td><td><input type="text" name="firstname" maxlength="32"></td></tr>
<tr><td>Last name:</td><td><input type="text" name="lastname" maxlength="32"></td></tr>
<tr><td>E-mail:</td><td><input type="text" name="email" maxlength="64"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="submit" value="Register"></td></tr>
</table>
</form>
</div>
<div class="footer">Copyright © 2011 Richard Day.</div>
</div>
</body>
</html>
<?php
}
?>
注册!
谢谢,您的信息已添加到数据库中,您现在可以。
注册失败
很抱歉,出现了一个错误,您的用户名注册无法完成。
请再试一次。
登记
版权所有©2011 Richard Day。
不要使用die()
退出时出错。相反,将错误消息累积到一个变量中,您可以在表单上方显示该变量
// Initialize an empty container for all the errors
$errors = "";
if(!$_POST['username'] || !$_POST['password'] || !$_POST['firstname'] || !$_POST['lastname'] || !$_POST['email']){
// Don't use die()
//die('You didn\'t fill in a required field.');
// Instead add this error to the $errors string.
$errors .= "You didn\'t fill in a required field.<br />\n";
}
// Do the same for all the error conditions...
关于SQL注入的进一步说明<代码>魔术\u引号\u gpcmysql\u real\u escape\u string()addslashes()在将
$\u POST<html>
<head>
</head>
<body>
<?php
if(!isset($_GET['login']))
{
//Print out the login form.
}
else
{
//Check the login, if any errors occurs, print errors along with form.
}
?>
</body>
</html>
<form name="login" action="index.php" method="get">
Username: <input name="username" type="text" />
<br />
Password: <input name="password" type="password" />
<br />
<input type="submit" value="Login" />
</form>
用户名:
密码:
<form name="login" action="index.php" method="get">
Username: <input name="username" type="text" />
<br />
Password: <input name="password" type="password" />
<br />
<input type="submit" value="Login" />
</form>
我没有检查您的代码是否有错误或潜在的安全漏洞,我只是回答了您的问题。Michael是对的。然而,evolt的整个脚本相当。。。丑陋的。我真的建议你从中学到的东西,然后从头开始重写。谢谢Michael,我用我编辑的代码更新了我的问题-好像我在某个地方犯了错误…你已经将
$errors””空()elseelsedisplay\u errors<html>
<head>
</head>
<body>
<?php
if(!isset($_GET['login']))
{
//Print out the login form.
}
else
{
//Check the login, if any errors occurs, print errors along with form.
}
?>
</body>
</html>
<form name="login" action="index.php" method="get">
Username: <input name="username" type="text" />
<br />
Password: <input name="password" type="password" />
<br />
<input type="submit" value="Login" />
</form>