PHP login page can't proceed with the request?


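I have a login system that uses the MVC pattern, although it is still procedural, and it hasn't been working for 4 hours now. It keeps going to the last "else" statement, which redirects back to login.php. Here is my code

Login page: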

<?php include 'view/template/header.php' ?>

<div class="container">
    <div class="row">
        <div class="col-lg-6 col-lg-offset-3">
            <div class="login-style">
            <h2>Silahkan Login</h2>
                <form action="controller/controller-login-admin.php" method="POST">
                <div class="form-group">
                    <label for="username">Username:</label>
                    <input type="text" name="username" class="form-control" id="username">
                </div>
                <div class="form-group">
                    <label for="pwd">Password:</label>
                    <input type="password" name="password" class="form-control" id="pwd">
                </div>
                    <button type="submit" name="submit-admin-login" class="btn btn-primary">Submit</button>
                </form> 
            </div>
        </div>
    </div>
</div>

<?php include 'view/template/footer.php' ?>

<?php

require_once $_SERVER['DOCUMENT_ROOT']. '/project-school-frontend/config/database.php';

function loginUser($username, $password){

    global $koneksi;
    if (empty($username) && !empty($password)) 
        {
            $_SESSION['pesan'] = 'Userid harus diisi';
            $_SESSION['alert'] = 'info';
            header('location:../login.php');
        }
        elseif (empty($password) && !empty($username)) 
        {
            $_SESSION['pesan'] = 'Password harus diisi';
            $_SESSION['alert'] = 'info';
            header('location:../login.php');
        }
        elseif (empty($username && $password)) 
        {
            $_SESSION['pesan'] = 'Userid dan password wajib diisi';
            $_SESSION['alert'] = 'info';
            header('location:../login.php');
        }
        else
        {
            $sql= "SELECT * FROM admin WHERE username='$username' AND password='$password'";
            $query= mysqli_query($koneksi, $sql);
            $result= mysqli_num_rows($query);
            $row = mysqli_fetch_array($query);

            if($result > 0)
            {
                session_start();
                $_SESSION['username']=$row['username'];
                $_SESSION['level'] = $row['level'];
                header('Location: ../view/admin-dashboard.php');
            }
            else
            {
                header('Location: ../login.php');
            }
        }
}  

Controller:

<?php 
require_once $_SERVER['DOCUMENT_ROOT']. '/project-school-frontend/admin/model/admin-model-master.php';

if (isset($_POST['submit-admin-login'])){
    $username=mysqli_real_escape_string($koneksi, $_POST['username']);
    $password=mysqli_real_escape_string($koneksi, md5($_POST['password']));
    loginUser($username, $password);
}

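I can see you have a few issues:

  • This function is doing too much and needs to be rearranged
  • You have an error in a comparison
  • You must bind parameters on that SQL statement; it is unsafe and could mess up the query depending on what is in those fields
  • Don't put session_start() inside a condition
  • You should use password_hash() / password_verify() (or an equivalent library) to store and compare passwords
  • /config.php

    Have a config file that contains the basics, and always include it as the first thing to load on every top-level page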

    <?php
    # Error reporting ON for development
    error_reporting(E_ALL);
    ini_set('display_errors',1);
    # Define separators for full compatibility
    define('DS',DIRECTORY_SEPARATOR);
    define('ROOT_DIR',__DIR__);
    define('FUNCTIONS',ROOT_DIR.DS.'functions');
    # Start the session by default
    session_start();
    # Add the database
    require_once(ROOT_DIR.DS.'project-school-frontend'.DS.'config'.DS.'database.php');
    

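    Try this: $query=mysqli_query($koneksi,$sql) or die(mysqli_error($koneksi))

    Thank you very much for your reply. I really appreciate it. Anyway, it doesn't work. My login page still won't open. There is no message, but it redirects to the login page again.

    Put this in: $row=mysqli_fetch_array($query); print($row); exit;

    <?php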
    function setError($pesan,$alert,$redirect = false)
        {
            $_SESSION['pesan'] = $pesan;
            $_SESSION['alert'] = $alert;
            # Redirect if set
            if($redirect) {
                header("Location: {$redirect}");
                exit;
            }
        }
    
    <?php
    function loginUser($koneksi, $username, $password){
        # Add messaging error
        include_once(FUNCTIONS.DS.'setError.php');
        # Trim out values
        $username = (!empty($username))? trim($username) : false;
        $password = (!empty($password))? trim($password) : false;
        # First check if either value is empty
        if(empty($username) || empty($password)) {
            # If both empty, set message
            if(empty($username) && empty($password))
                $msg = 'Userid dan password wajib diisi';
            # If username empty, set message
            elseif(empty($username))
                $msg = 'Userid harus diisi';
            # If password empty, set message
            elseif(empty($password))
                $msg = 'Password harus diisi';
            # If something is really wrong, make unknown
            else
                $msg = 'Unknown error';
            # Set session values, redirect
            setError($msg,'info','../login.php');
        }
        else {
            # Fetching the user from DB should be a function like getAdmin($koneksi,$username,$password)
            # !***** BIND PARAMETERS HERE, THIS IS UNSAFE!!! ******!
            $sql= "SELECT * FROM admin WHERE username='$username' AND password='$password'";
            $query= mysqli_query($koneksi, $sql);
            $result= mysqli_num_rows($query);
            $row = mysqli_fetch_array($query);
    
            if($result > 0){
                $_SESSION['username'] = $row['username'];
                $_SESSION['level']    = $row['level'];
                header('Location: ../view/admin-dashboard.php');
                exit;
            }
            else{
                setError('Invalid Username or Password','info','../login.php');
            }
        }
    }
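
The answer flags the query as unsafe and recommends password_verify(); the following shows both points together, as an added example that is not the answer author's code. getAdmin() takes its name from the answer's comment, but its body and checkAdminLogin() are hypothetical, and the example assumes config.php has already started the session and created $koneksi, and that admin.password stores password_hash() output rather than md5.

```php
<?php
// Added example, not the answer's code. Assumes config.php has already run
// (session started, $koneksi created) and admin.password holds password_hash() output.

// Hypothetical helper: fetch one admin row by username through a bound parameter.
function getAdmin(mysqli $koneksi, string $username): ?array
{
    $sql  = 'SELECT username, password, level FROM admin WHERE username = ? LIMIT 1';
    $stmt = mysqli_prepare($koneksi, $sql);
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $username); // sent as data, never spliced into the SQL
    $row = null;
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $name, $hash, $level);
        if (mysqli_stmt_fetch($stmt)) {
            $row = ['username' => $name, 'password' => $hash, 'level' => $level];
        }
    }
    mysqli_stmt_close($stmt);
    return $row;
}

// Hypothetical helper: the admin row on success, null for unknown user or wrong password.
function checkAdminLogin(mysqli $koneksi, string $username, string $password): ?array
{
    $row = getAdmin($koneksi, trim($username));
    // The submitted password is compared as typed: no md5(), no escaping, no trim().
    return ($row !== null && password_verify($password, $row['password'])) ? $row : null;
}

// Controller side, replacing the mysqli_real_escape_string()/md5() calls.
if (isset($_POST['submit-admin-login'])) {
    $u = $_POST['username'] ?? '';
    $p = $_POST['password'] ?? '';
    $admin = (is_string($u) && is_string($p)) ? checkAdminLogin($koneksi, $u, $p) : null;
    if ($admin !== null) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
        $_SESSION['username'] = $admin['username'];
        $_SESSION['level']    = $admin['level'];
        header('Location: ../view/admin-dashboard.php');
    } else {
        $_SESSION['pesan'] = 'Invalid Username or Password';
        $_SESSION['alert'] = 'info';
        header('Location: ../login.php');
    }
    exit;
}
```

Stored hashes are created once with password_hash($plain, PASSWORD_DEFAULT) when the account is saved; the PHP manual recommends a 255-character column for them.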