Html 登录表单不起作用 [英] Html LogIn form not functioning
问题描述
好的,我有一个如下所示的登录表单:
Ok, I have a login form that looks like this:
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td width="112"><b>Login</b></td>
<td width="188"><input name="login" type="text" class="textfield" id="login" /></td>
</tr>
<tr>
<td><b>Password</b></td>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Login" /></td>
</tr>
</table>
</form>
现在,此表单位于名为 members 的目录中的页面上.当我将它放在主目录中的页面上并将操作更改为members/login-exec.php"当我尝试登录时,它只会刷新页面,但浏览器中的页面名称更改为正在执行的操作放在表格中.
Now, This form is on a page in a directory called members. When i put it on a page in the home directory and change the action to "members/login-exec.php" When I try to logIn it just refreshes the page, but the name of the page in the browser changes to the actions taking place in the form.
伙计们,有没有关于让这个工作的想法?
Any ideas on making this work guys?
编辑,这里是 login-exec.php 代码:
EDIT, heres the login-exec.php code:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login-form.php");
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
session_write_close();
header("location: members.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
?>
推荐答案
首先,这是您的表单,但没有表格.这应该更容易调试,而且更具语义:
First, here's your form but without the tables. This should be a bit easier to debug and it is more semantic:
<form id="loginForm" name="loginForm" method="post" action="members/login-exec.php">
<fieldset id="login_fields">
<label for="login">Login</label>
<input name="login" type="text" class="textfield" id="login" />
<label for="password">Password</label>
<input name="password" type="password" class="textfield" id="password" />
<input type="submit" name="Submit" value="Login" />
</fieldset>
</form>
所以棘手的部分是弄清楚错误是发生在表单还是脚本上.我总是假设脚本,但它令人耳目一新,这很奇怪.
So the tricky part is figuring out if the error is happening with the form or the script. I would always assume the script, but it's refreshing, which is strange.
让脚本做一些愚蠢的事情,而不是检查 post 变量.比如让脚本输出输入的用户名,或者只是我是你的脚本.点击提交让你来到这里."
Have the script do something silly instead of checking the post variables. Like have the script output the user name entered, or just "I am your script. Clicking submit got you here."
如果脚本输出您使用的任何内容,则表示表单没问题(我认为).
If the script outputs whatever you use, that means the form is fine (I think).
您是否更新了 header("Location: members.php") 部分的脚本以重定向到 members.php 脚本的相对位置?
Did you update the script for the header("Location: members.php") part to redirect to the relative location of the members.php script?
为避免相对位置问题,您可以始终使用完整路径,因此请执行以下操作:
To avoid relative location issues, you could always use the full path, so make the action:
action="/members/login-exec.php"
不管你把它放在哪里,这都会起作用.
and this will work no matter where you put it.
对登录验证脚本做同样的事情:
And do the same for the login verification script:
header("Location: /members/members.php")
或者,如果您愿意,甚至可以使用完整路径.
Or you could even use the full path if you are comfortable with that.
其他几件事:
一:您还可以使用操作/位置的完整 URL.我会考虑至少对 Location 标头执行此操作.由于表单似乎去某处做某事,所以动作部分可能没问题.但是位置标头可能有点暴躁.
One: You could also use the full URL for the action/location. I would consider doing this at least for the Location header. Since the form seems to go somewhere and do something, the action part is probably fine. But the location header is probably a bit more testy.
第二:我想知道脚本做一些奇怪的事情的原因是否是因为 PHP 试图猜测文件的位置.默认情况下,PHP 会寻找一个包含文件,如果它不在它应该在的位置(不幸的是,这使得 PHP 极易被利用).也许它对 Location 标头做同样的事情?我真的很怀疑,但它可能与我没有注意到的另一个点有关.
Second: I'm wondering if the reason why the script is doing something weird is because PHP is trying to guess where the files are. PHP by default will seek out an included file if it's not where it's supposed to be (which makes PHP extremely exploitable, unfortunately). Maybe it does the same thing for Location headers? I really doubt it, but it could be related at another point I'm not noticing.
这篇关于Html 登录表单不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
