dongmufen8105 2018-02-26 10:36
浏览 37
已采纳

PHP POST请求重定向到root / xampp仪表板

I have a login page with a form with POST method and no action defined (or action to self). I use some functions to do the login, and when some field of the form is left empty or the login credentials are not valid, I´m being redirected to XAMPP dashboard. Its like as if my else statement is not kicking in. Any idea why?

if(ifItIsMethod('post')){

    if(isset($_POST['username']) && isset($_POST['password'])){

        login_user($_POST['username'], $_POST['password']);
    }else{
        echo "bla bla";
    }
}

I tried else{ header(..)} and nothing happens, it just redirects to dashboard.

I have a test version online where the same happens, its here: http://hotfol.com/cms/login_page.php

Thank you!!

Edit: functions

function ifItIsMethod($method=null){

    if($_SERVER['REQUEST_METHOD'] == strtoupper($method)){
        return true;
    }else{
        return false;
    }
}

function login_user($typed_username, $typed_password){
    global $connection;


$typed_username = escape($typed_username);
$typed_password = escape($typed_password);


$query = "SELECT * FROM users WHERE username = '$typed_username'";
$select_user_query = mysqli_query($connection, $query);
if(!$select_user_query) {
    die ("query failed" . mysqli_error($connection));
}

$row = mysqli_fetch_assoc($select_user_query);
    $user_id    = escape($row['user_id']);
    $username   = escape($row['username']);
    $password   = escape($row['user_password']);
    $firstname  = escape($row['user_firstname']);
    $lastname   = escape($row['user_lastname']);
    $user_role  = escape($row['user_role']);


    if (password_verify($typed_password, $password)) {

    $_SESSION['username']  = $username;
    $_SESSION['firstname'] = $firstname;
    $_SESSION['lastname']  = $lastname;
    $_SESSION['user_role'] = $user_role;
    $_SESSION['user_id']   = $user_id;

    header('Location: admin/index.php');
}else{
    header('Location: ../index.php');
    }
}
  • 写回答

1条回答 默认 最新

  • douzhi9478 2018-02-26 10:41
    关注

    Your inner if statement is always true, but you cannot login when one is empty. Both username and password are always set, but one of them is empty (still set) and the login_user function receives empty data so it cannot login a user. Use empty() - it shows true when there is an ampty string.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 PADS Logic 原理图
  • ¥15 PADS Logic 图标
  • ¥15 电脑和power bi环境都是英文如何将日期层次结构转换成英文
  • ¥20 气象站点数据求取中~
  • ¥15 如何获取APP内弹出的网址链接
  • ¥15 wifi 图标不见了 不知道怎么办 上不了网 变成小地球了
  • ¥50 STM32单片机传感器读取错误
  • ¥15 (关键词-阻抗匹配,HFSS,RFID标签天线)
  • ¥15 机器人轨迹规划相关问题
  • ¥15 word样式右侧翻页键消失