dongming4994 2014-04-15 07:40
浏览 51
已采纳

当用户登录失败时,错误消息未显示在登录表单下方

I'm new to php. I'm trying to add php to my website to check whether the login information matches the one which is stored in my database but for some reason the error message is not appearing below the login form when email address and password doesn't match. Here's my login form which is account.php:

<!--loginform-->
<p style="margin-left:30px; font-size:23px; margin-top:150px; font-family:Gisha;">Login or Create an Account</p>
<hr style="color:#666; width:95%; align:center; margin-top:-21px;">
<div id="center-login">
<table  cellpadding="10px" cellspacing="40px">
  <form id="form1" onSubmit="return validate()" action="checklogin.php" method="post">
    <tr>
      <td width="600px"><p style="font-family:Gisha;  font-size:19px; margin-top:-25px;">New Customers</p>
        <hr style="color:#F8F8F8; width:100%;  margin-top:-5px; "></td>
      <td width="600px"><p style="font-family:Gisha; font-size:19px; margin-top:-25px;">Registered Customers</p>
        <hr style="color:#F8F8F8; width:100%;  margin-top:-5px"></td>
    </tr>
    <tr>
      <td><p style="font-family:Gisha; font-size:16px; margin-top:-130px;">By creating an account with our store, you will be able to move through the checkout process faster, store multiple shipping addresses, view and track your orders in your account and more.</p>
        <br>
        <span>
        <input class="submit-log" style="padding:7px; background:black; color:white; font-weight:bold; font-size:19px; cursor:pointer;" type="button" value="Create an Account" onClick="window.location='newaccount.html'">
        </span></td>
      <td><p style="font-family:Gisha; font-size:16px; margin-top:-45px">If you have an account with us, please log in.</p>
        <p style="font-family:Gisha; font-size:18px; font-weight:bold;">Email Address</p>
        <p>

          <input type="text" id="username" name="email" class="input"><span id="errorIMG" style="visibility:hidden; margin-top:-5px;"><img src="images/Error.png" width="15" height="15" style=" margin-bottom:-2px;"/> <span id="errorMsg" style="color:#FF0000; font-family:Gisha;"></span></span>
        </p>
        <p style="font-family:Gisha; font-size:18px; font-weight:bold;">Password</p>
        <p>
          <input type="password" id="pwd" name="pwd"><span id="errorIMG1" style="visibility:hidden; margin-top:-5px;"><img src="images/Error.png" width="15" height="15" style=" margin-bottom:-2px;"/> <span id="errorMsg1" style="color:#FF0000; font-family:Gisha;"></span></span>
        </p>
        <span>
        <input class="submit-log" style="padding:8px; background:black; color:white; font-weight:bold; font-size:19px; cursor:pointer;" type="submit" name="login" value="Login">
        </span>

</table>
</div>
<div id="errorMsg">
<?php
if(isset($_GET['check']))
{
if($_GET['check']=="fail")
{
echo "<font color='red'><b>Wrong email/password combination</b></font>";
}
else
if($_GET['check']=="good")
{
header('Location:90210.html');
}
}
?>
</div>
</form>
<!--end of login form-->

This is the checklogin.php:

<?php
session_start();

$Email=$_POST['email'];
$Pwd=$_POST['pwd'];

$con=mysql_connect("localhost","root","");
if(!$con){
die('Could not connect:' .mysql_error());
}
echo "Connected successfully.";
$database=mysql_select_db('90210store');
if(!$database){
die('<br>Could not select database:' .mysql_error());
}
echo "<br>Database successfully selected";

$result = mysql_query("SELECT * FROM login
 WHERE EmailAdd='$Email' AND Password='$Pwd' LIMIT 1") or      die('QueryFailed:'.mysql_error());

if(mysql_num_rows($result) == 1) {
    $ID= $_SESSION['ID']=1234;
    header('Location:verifyuser.php');
    exit();
}


else {
   header('Location:account.php');
   exit();
}

mysql_close($con);
?>

This is verifyuser.php:

<?php
session_start();

if(isset($_SESSION['ID']))
{
echo "<script>alert('Login successful!');</script>";
echo "<script>window.location = '90210.html';</script>";
exit();
}

else
{
header('Location:account.php');
exit();
}
?>

Why is it not showing? Please try to solve this. Thank you.

  • 写回答

1条回答 默认 最新

  • douxiajiao8445 2014-04-15 07:47
    关注

    Without knowing the cause of this, by reading the symptoms you describe it becomes clear that most likely the variable $_GET['check'] simply is not set. It might also be that it is just not set in case of a failed login attempt or hold a value different to "good" or "fail". But since you did not post the code for the validation that is something we only can guess.

    In addition your php code is error prone. I suggest you change it towards this structure: 

    <?php
if (   isset($_GET['check']) {
    && $_GET['check']=="good") ) {
        header('Location:90210.html');
} else {
    echo "<font color='red'><b>Wrong email/password combination</b></font>";
}
?>

    1. always test for the good case and handle that, treat everything else as bad case, that way you automatically handle unexpected cases.

    2. you combined two if conditions, but no else. That means if none of the conditions evaluated to true, then nothing would happen. That is not what you want.

    3. I suggest to combine the two checks (existance and value of that variable) into one single check by using a boolean AND operator (&&). That way you have a clear distinction: either all is fine, or something is not ok, in which case you most likely will block access. That way your code is much less complex, thus more robust.

    Some general remarks:

    • you appear to store the users passwords inside the database in plain text! That is a very bad style and opens security risks for you and for the user. Instead you should never store the real password but only a hash of it. Then during a login attempt you again hash the provided password and compare the hashes. That way you prevent a password leak even if your system gets compromised. Also keep in mind for this that a hash is something else than an encryption, you want to use a hash here.

    • you are using a deprecated database driver, phps old mysql extension. Please consult the excellent documentation about this. You definitely should switch to the more modern and more robust new mysqli extension or PDO and learn about the advantages of "prepared statements". Your current code is wide open to sql injections.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 HFSS 中的 H 场图与 MATLAB 中绘制的 B1 场 部分对应不上
  • ¥15 如何在scanpy上做差异基因和通路富集?
  • ¥20 关于#硬件工程#的问题,请各位专家解答!
  • ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
  • ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
  • ¥30 截图中的mathematics程序转换成matlab
  • ¥15 动力学代码报错,维度不匹配
  • ¥15 Power query添加列问题
  • ¥50 Kubernetes&Fission&Eleasticsearch
  • ¥15 報錯:Person is not mapped,如何解決?