douxiyi2418 2014-08-27 08:40

jQuery not working with PHP [closed]

I try to run this on my cPanel hosting, but nothing comes out. When I try on my PC using localhost, the page is reloaded.

This page is supposed to display a loading effect when logging into the system.

This is my code:

<?php 
require_once('Connection/connect.php'); 
$name = $_GET['username'];
$pwd = $_GET['password'];
?>

<?php
$linktemp="http://$_SERVER[HTTP_HOST]" . "/PointerSystem";
if( ($_GET['username']==NULL) || ($_GET['password']==NULL) )    {
header("Location:index.php?mode=empty");
        exit();

}   else
{
    mysql_select_db($database, $connect) or die(mysql_error());
    $query = "SELECT * FROM user WHERE matricID='$name' && password ='$pwd' LIMIT 1";
    $result = mysql_query($query);
    $count = mysql_num_rows($result);
    $row = mysql_fetch_assoc($result);

    if( $name=="" || $pwd=="" ) {

        header("Location:index.php?mode=empty");
        exit();

    }   elseif(($row['matricID']==$name) && ($row['password']==$pwd) )      {

        $p1 = $row['matricID'];
        $p2 = $row['password'];

         session_start();
        $_SESSION['name'] = $row['matricID'];

        ?>
            <script language="javascript" type="text/javascript" > window.setTimeout(function() { window.location = 'mainmenu.php'; }, 3000); </script>
            <?php
    }elseif (($row['matricID']!=$name) || ($row['password']!=$pwd) )/*|| ($row['level']!="admin")  || ($row['level']!="user")*/ {

            header("Location:index.php?mode=wrong");
            exit();
    }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Direct Login</title>
<link rel="stylesheet" type="text/css" href="css/loading.css" />
<link rel="stylesheet" type="text/css" href="css/loading2.css" />
<link rel="stylesheet" type="text/css" href="css/loading4.css" />
<link rel="stylesheet" type="text/css" href="css/loading5.css" />
<script src="js/loading.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>

</head>

<body style="background: #fff url('images/bg.jpg') repeat top left;">
<div id="loading2">
<p id="loading-font2">Redirect......</p>
  <img id="loading-image2" src="images/ajax-loader2.gif" />
</div>
<div id="loading">
<p id="loading-font">Please Wait, Validation In Progress......</p>
  <img id="loading-image" src="images/ajax-loader.gif" />
</div>
<script language="javascript" type="text/javascript">
$(window).load(function(){ $("#loading").hide().delay(700).show(0); $("#loading").fadeOut(5000);});
$(window).on("load",function() { $("#loading2").delay(600).fadeOut(2); $("#loading2").show(); });
</script>


</body>

</html>

Problem solved. Following @TUNAMAXX's guide, I already changed the code above, so here is the corrected one. Thanks @TUNAMAXX and @vlzvl. I already managed to post the data.

<?php require_once('Connection/connect.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Direct Login</title>
<link rel="stylesheet" type="text/css" href="css/loading.css" />
<link rel="stylesheet" type="text/css" href="css/loading2.css" />
<link rel="stylesheet" type="text/css" href="css/loading4.css" />
<link rel="stylesheet" type="text/css" href="css/loading5.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>

</head>

<body style="background: #fff url(images/bg.jpg) repeat top left;">

<?php
$name = $_POST['username'];
$pwd = $_POST['password'];

/*$linktemp="http://$_SERVER[HTTP_HOST]" . "/PointerSystem";*/
if( ($_POST['username']==NULL) || ($_POST['password']==NULL) )  {
header("Location:index.php?mode=empty");
        exit();

}   else
{
    mysql_select_db($database, $connect) or die(mysql_error());
/* -------------------------------------------------------------------------------------------
* I still haven't searched about SQL injection yet. The comic that you gave me seems like a troll comic ^_^
* ---------------------------------------------------------------------------------------- */
    $query = "SELECT * FROM user WHERE matricID='$name' && password ='$pwd' LIMIT 1";
    $result = mysql_query($query);
    $count = mysql_num_rows($result);
    $row = mysql_fetch_assoc($result);

    if( $name=="" || $pwd=="" ) {

        header("Location:index.php?mode=empty");
        exit();

    }   elseif(($row['matricID']==$name) && ($row['password']==$pwd) )      {
/* -------------------------------------------------------------------------------------------
* I thought I wanted to use this as a holder name or Welcome : USER. But not here
* ---------------------------------------------------------------------------------------- */
        $p1 = $row['matricID'];
        $p2 = $row['password'];

         session_start();
        $_SESSION['name'] = $row['matricID'];


            echo"<script>
window.setTimeout(function() {
    window.location = 'mainmenu.php';
  }, 3000);
</script>";
    }elseif (($row['matricID']!=$name) || ($row['password']!=$pwd)) {

            header("Location:index.php?mode=wrong");
            exit();
    }
}
?>

<div id="loading2">
<p id="loading-font2">Redirect......</p>
  <img id="loading-image2" src="images/ajax-loader2.gif" />
</div>
<div id="loading">
<p id="loading-font">Please Wait, Validation In Progress......</p>
  <img id="loading-image" src="images/ajax-loader.gif" />
</div>
<script language="javascript" type="text/javascript">
$(window).load(function(){
      $("#loading").hide().delay(700).show(0);
     $('#loading').fadeOut(5000);
});

  $(window).on("load",function() {
   $("#loading2").delay(600).fadeOut(2);
$("#loading2").show();
  });
</script>


</body>

</html>

1 answer

  • dousongxuan7507 2014-08-27 08:56

    There are many, many errors in this code. The first is with outputting any whitespace before a header() call. For instance, the opening and closing PHP tags on lines 5 and 7 generate a newline on line 6. That fouls up the first header() redirect.

    I will run through as much of the code as I can and bring back as many fixes as I can.

    EDIT: Here is some cleaned up / slightly fixed code. This code might 'work' for now, but it is scary. Do not use this in a production environment!

    <?php 
        require_once('Connection/connect.php');
    
        /* --------------------------------------------------------------
         * Explicitly set variable values, even if you make them null
         * ------------------------------------------------------------ */
        $name = isset($_GET['username']) ? $_GET['username'] : null;
        $pwd  = isset($_GET['password']) ? $_GET['password'] : null;
    
        /* --------------------------------------------------------------
         * You assign this and then never use it?
         * ------------------------------------------------------------ */
        $linktemp = "http://$_SERVER[HTTP_HOST]" . "/PointerSystem";
    
        if (($name == NULL) || ($pwd == NULL))
        {
            header("Location:index.php?mode=empty");
            exit();
        }
        else
        {
            mysql_select_db($database, $connect) or die(mysql_error());
    
            /* --------------------------------------------------------------
             * You have opened yourself up for a SQL injection attack here.
             * Use the modern mysqli_* functions or PDO, and make sure you
             * ALWAYS SANITIZE YOUR INPUTS before sending it to the database
             * See: http://xkcd.com/327/
             * ------------------------------------------------------------ */
            $query  = "SELECT * FROM user WHERE matricID='$name' && password ='$pwd' LIMIT 1";
            $result = mysql_query($query);
            $count  = mysql_num_rows($result);
            $row    = mysql_fetch_assoc($result);
    
            /* --------------------------------------------------------------
             * Why do you have this test here? It is the same test as on
             * line 15. If we failed it then, we're certainly going to fail
             * it again now.
             * ------------------------------------------------------------ */
            if( $name == "" || $pwd == "" )
            {
                header("Location:index.php?mode=empty");
                exit();
            }
            elseif (($row['matricID'] == $name) && ($row['password'] == $pwd))
            {
                /* --------------------------------------------------------------
                 * You assign these and then never use them?
                 * ------------------------------------------------------------ */
                $p1 = $row['matricID'];
                $p2 = $row['password'];
    
                session_start();
                $_SESSION['name'] = $row['matricID'];
    
                /* --------------------------------------------------------------
                 * You can get away with closing PHP here...
                 * ------------------------------------------------------------ */
    ?>
                <script language="javascript" type="text/javascript" > window.setTimeout(function() { window.location = 'mainmenu.php'; }, 3000); </script>
    <?php
                /* --------------------------------------------------------------
                 * ...and then opening PHP here because in this part of the if()
                 * statement, you are not doing a header() redirect. If you were,
                 * it would break right here because you output ** anything **
                 * before a header() call and PHP will pitch a fit.
                 * 
                 * HOWEVER, avoid intermixing PHP and HTML like this. It will be
                 * a nightmare to troubleshoot in the future. Yes, PHP will let
                 * you do things like this, but it's rarely a good idea.
                 * ------------------------------------------------------------ */
            }
            elseif (($row['matricID'] != $name) || ($row['password'] != $pwd))
            {
                header("Location:index.php?mode=wrong");
                exit();
            }
        }
        ?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
            <title>Direct Login</title>
            <link rel="stylesheet" type="text/css" href="css/loading.css" />
            <link rel="stylesheet" type="text/css" href="css/loading2.css" />
            <link rel="stylesheet" type="text/css" href="css/loading4.css" />
            <link rel="stylesheet" type="text/css" href="css/loading5.css" />
            <script src="js/loading.js" type="text/javascript"></script>
            <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
        </head>
    
        <body style="background: #fff url('images/bg.jpg') repeat top left;">
            <div id="loading2">
                <p id="loading-font2">Redirect......</p>
                <img id="loading-image2" src="images/ajax-loader2.gif" />
            </div>
            <div id="loading">
                <p id="loading-font">Please Wait, Validation In Progress......</p>
                <img id="loading-image" src="images/ajax-loader.gif" />
            </div>
            <script language="javascript" type="text/javascript">
                $(window).load(function(){ $("#loading").hide().delay(700).show(0); $("#loading").fadeOut(5000);});
                $(window).on("load",function() { $("#loading2").delay(600).fadeOut(2); $("#loading2").show(); });
            </script>
        </body>
    
    </html>
    

    I have a feeling that this code will work, but there are some serious problems with it:

    • There are confusing logic errors.
    • You are passing passwords as $_GET vars, aka in the query string, for everyone to see.
    • You are passing unsanitized user data in with your database queries.
    • You are not hashing passwords in any way.
    • etc.
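The problems listed in the answer above (credentials in the query string, string-built SQL, unhashed passwords, output before `header()`) addressed together, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection, and a hypothetical `password_hash` column; the sample row is constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO over in-memory SQLite
// stands in for Connection/connect.php; `password_hash` is a hypothetical
// column replacing the plaintext `password` column used on the page.

function authenticate(PDO $db, $name, $pwd): bool
{
    // Reject missing, empty or non-string input (e.g. username[]=x arrays).
    if (!is_string($name) || !is_string($pwd) || $name === '' || $pwd === '') {
        return false;
    }
    // Placeholder binding: user input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM user WHERE matricID = ? LIMIT 1');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // password_verify() checks the password against a salted hash.
    return is_string($hash) && password_verify($pwd, $hash);
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (matricID TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO user VALUES (?, ?)')
   ->execute(['A100', password_hash('correct horse', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Command-line demonstration of the three cases.
    var_dump(authenticate($db, 'A100', 'correct horse'));    // valid login
    var_dump(authenticate($db, 'A100', 'wrong'));            // wrong password
    var_dump(authenticate($db, "A100' OR '1'='1", 'x'));     // quotes are bound as data
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Web request: decide and redirect before any byte of output is sent,
    // so header() cannot fail on stray whitespace or HTML.
    if (authenticate($db, $_POST['username'] ?? null, $_POST['password'] ?? null)) {
        session_start();
        session_regenerate_id(true);   // fresh session ID after login
        $_SESSION['name'] = $_POST['username'];
        header('Location: mainmenu.php');
    } else {
        header('Location: index.php?mode=wrong');
    }
    exit();
}
```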
