在php文件中弹出提醒脚本
我正在尝试让用户登录。如果密码和用户名错误,我想要一个弹出窗口来提醒用户出现错误。当他们关闭警报时,它会返回到index.php,这将返回到登录屏幕。在php文件中弹出提醒脚本
但是,当它是错误的密码/用户名,最终返回到index.php首先没有任何弹出消息。我的浏览器设置不阻止任何弹出窗口。我可以知道我做错了吗?
<?php
if($login == true){
//Do login process
//this portion works as long as correct username and password
}
else{
echo '<script language="javascript">alert("Please enter valid username and password");</script>';
header("location:index.php");
}
?>
//login.php
<?php
$username = "exampleuser";
$password = "examplepass";
$host = "localhost";
$dbHandle = mysql_connect($host, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("database_name", $dbHandle);
$myUserName = $_POST['user'];
$myPassword = $_POST['pass'];
if(ctype_alnum($myUserName) && ctype_alnum($myPassword)){
$query1 = "SELECT * FROM users WHERE username='$myUserName'";
$result1 = mysql_query($query1);
$count1 = mysql_num_rows($result1);
if($count1 == 1){
$query2 = "SELECT password FROM users WHERE username='$myUserName'";
$result2 = mysql_query($query2);
$row = mysql_fetch_array($result2, MYSQL_ASSOC);
$pass = $row['password'];
if(password_verify($myPassword, $pass)){
$seconds = 120 + time();
setcookie(loggedIn, date("F js - g:i a"), $seconds);
header("location:mysite.php");
}
else{
echo '<script language="javascript">
alert("Please enter valid username and password");
window.location.href = "http://index.php";
</script>';
die();
}
}
else{
echo '<script language="javascript">
alert("Please enter valid username and password");
window.location.href = "http://index.php";
</script>';
die();
}
}
else{
echo '<script language="javascript">
alert("Please enter valid username and password");
window.location.href = "http://index.php";
</script>';
die();
}
?>
如果你发送头文件到php它会直接在index.php页面进入你的条件后。
如果你试试这个代码:
<?php
if($login == true){
//Do login process
//this portion works as long as correct username and password
}
else{
echo '<script language="javascript">
alert("Please enter valid username and password");
window.location.href = "http://index.php";
</script>';
die();
}
,你会看到你的代码是正确的。您需要跟踪弹出式关闭时的事件,以通过ajax或http重定向重定向到index.php。
编辑1:
在这里,你有PDO一个完整的页面。这不是完成这项工作的最佳方式,但它可行。正如你将在评论中看到的,你必须避免xss攻击,你应该改变数据库结构,保存密码散列和盐以隐藏用户的清除密码。
这是代码。
<?php
//login.php
//connection via PDO
try{
$pdo = new PDO ('mysql:host=localhost; dbname=database_name', 'exampleuser' , 'examplepass', array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
//alert errors and warnings
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e){
exit('Database Error.');
}
//prepared statements sanitize input binding parameters, for you but you can use some libraries to prevent sql injection
$myUserName = trim(filter_var($_POST['user'], FILTER_SANITIZE_STRING));;
$myPassword = trim(filter_var($_POST['pass'], FILTER_SANITIZE_STRING));;
if(!empty($myUserName) && ctype_alnum($myUserName) && !empty($myPassword) && ctype_alnum($myPassword)){
$query1 = $pdo->prepare("SELECT password FROM users WHERE username = :username_param");
//bind parameter avoiding principal injection (pdo does not cover xss attacks, avoid it with other methods)
$query1->bindParam("username_param", $myUserName);
$result = $query1->fetch();
// or you can do $result = $query1->fetchColumn(); to get directly string instead of array
if($result['password']){
//you should use password_verify() if you have an hash stored in database, you should not save password in database.
//please google about best practice storing password, it's full of beautiful guides
//bad practice but will do the work
if($myPassword == $result){
$seconds = 120 + time();
setcookie('loggedIn', date("F js - g:i a"), $seconds);
header("location:mysite.php");
}else{
printAlert("Password incorrect");
}
}else{
printAlert("Username not valid");
}
}
else{
printAlert("Invalid data");
}
function printAlert($text){
echo "<script language='javascript'>
alert('$text');
window.location.href = 'http://index.php';
</script>";
die();
}
?>
,即使我删除header(),它仍然不起作用。我结束了一个空白页面。你能给我一个粗略的例子吗? –
当然,我更新了代码。简单地说:警告后的代码在弹出关闭后执行。客户端重定向是通过javascript调用的。服务器端die()函数被调用来防止禁用JavaScript hack来继续执行php脚本。 现在,如果你想通过PHP头重定向,我需要在你的完整脚本页面上做一个完整的编码,但我认为这是你正在寻找的。 – SBO
我明白你的意思了。但由于某种原因弹出窗口没有出现。登录发生在index.php。当单击登录按钮时,它将移动到在login.php中处理信息。如果正确,则会移至mysite.php以显示受保护的信息。使用上面的代码,当尝试使用错误的密码时,它会移至login.php并停留在那里,不显示弹出窗口并只显示一个白页。上面的代码是在login.php文件下编写的。 –
执行'echo'后PHP不停止。它继续告诉浏览器转向'index.php',因为所有这些都发生在服务器上,而不是在用户的浏览器中。 –
@TillHelge如果我完全删除头(),也不起作用。我最终看到一个空白页面,而不是回到index.php –