我的 PHP 代码工作正常,但问题是,当我按下后退按钮时,警告对话框再次出现。登录时需要警报对话框,它可以正常工作。但是当我按下后退按钮时,它再次显示警告框。
<?php
if($_POST){
$host = "localhost";
$user = "root";
$pass = "";
$db = "erp";
$userId = $_POST['myusername'];
$password = $_POST['mypassword'];
$conn = mysqli_connect($host,$user,$pass,$db);
$query = "SELECT * from user where user_id='$userId'";
$result = mysqli_query($conn,$query);
$num = mysqli_num_rows($result);
$row = mysqli_fetch_assoc($result);
if($row["user_id"]==$userId){
if($row["password"]==$password){ //when user_id and password
//match, go to check
//usertype
switch($row["user_type_id"]){
case 1: session_start();
$_SESSION['erp']='true';
header('location:acc_setting.php');
break;
case 2: session_start();
$_SESSION['erp']='true';
header('location:dashboard.php');
break;
case 3: session_start();
$_SESSION['erp']='true';
header('location:c_course.php');
break;
}
}
else{
echo '<script language="javascript">';
echo 'alert("Invalid Password")';
echo '</script>';
}
}
else{
echo '<script language="javascript">';
echo 'alert("Invalid Username")';
echo '</script>';
}
}
?>
忽略我在评论中提到的安全问题并专门回答您的后续问题how do I set a session var and redirect it to same page
,以下内容可能会有所帮助。我在几个地方进行了简化,但在大多数情况下基本相同。
<?php
if( $_POST ){
session_start();
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'erp';
$conn = mysqli_connect( $host, $user, $pass, $db );
$destinations=array(
1 => 'acc_setting.php',
2 => 'dashboard.php',
3 => 'c_course.php'
);
$userId = $_POST['myusername'];
$password = $_POST['mypassword'];
/*
This should be a prepared statement
-> $sql='select `password` from `users` where `user_id`=?';
-> $stmt=$conn->prepare( $sql );
-> $stmt->bind_param('s',$userid );
etc etc
The passwords should be hashed in the db using password_hash
and verified in PHP using password_verify
NEVER store plain text passwords
*/
$query = "SELECT * from user where user_id='$userId'";
$result = mysqli_query($conn,$query);
$num = mysqli_num_rows($result);
$row = mysqli_fetch_assoc($result);
if( $row['user_id']==$userId ){
/*
this should be password_verify
*/
if( $row['password']==$password ){
$_SESSION['erp']='true';
exit( header( sprintf( 'Location: %s', $destinations[ $row['user_type_id'] ] ) ) );
} else{
$_SESSION['error']='Invalid Password';
}
} else{
$_SESSION['error']='Invalid Username';
}
/*
An error must have occurred, redirect back to oiginal page
*/
exit( header( sprintf('Location: %s', $_SERVER['SCRIPT_NAME'] ) ) );
}
?>
然后,在表单所在的原始页面中
<form>
<!--
various form elements
-->
<?php
if( !empty( $_SESSION['error'] ) ){
echo $_SESSION['error'];
unset( $_SESSION['error'] );
}
?>
</form>
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句