开发者

Force users to enter data into forms

问答 作者:

I have a login form that does the following:

  • It accepts users that are registered with a redirecting logon message.
  • It tells you if you need to register for your username/password is not in the system.

When nothing is entered into the username/password form, it redirects to a page that has s开发者_JS百科ensitive mysql data... how do I add a php message that yells at the user to put in information?

  if ($numrows != 0)
  {

    $user = mysql_fetch_assoc($query);
echo "Welcome,".$username. "you are being directed to the <a href=\"page.php\">.</a>";
    $_SESSION['username']= $user['username']; 
  }


  else
  {
    echo ("please reenter your username and password. If you don't have those, please <a href=\".php\">register.</a>");
  }

how do I add a php message that yells at the user to put in information?

Something like this:

if( !isset( $_POST['username'] ) && !isset( $_POST['password'] ) ){
    // This won't show if you use a header redirect
    echo "YOU MUST ENTER A LOGIN";

    exit; // Halt execution if necessary
}

Add some checks for empty() if needed.

Alternatively, do this if you're using a session/cookies and some sort of User object:

if( $user == null || !$user->isConnected() ){
    // This won't show if you use a header redirect
    echo "YOU MUST ENTER A LOGIN";

    exit; // Halt execution if necessary
}

P.S: echo and exit can be combined as:

die("YOU MUST ENTER A LOGIN");

Use the php header function to redirect the user to whatever page you want. You could send them back to the login page or on to a new page.

http://www.w3schools.com/php/func_http_header.asp

http://php.net/manual/en/function.header.php

header('Location: http://www.example.com/');

You need to check that the entered form values are acceptable. So check whether they are present in your code and then send them to wherever is appropriate based on that.

Make use of the existing session to hold your errors in.

<?php 
session_start();
$continue=true;
if(isset($_POST)){
    if(empty($_POST['username']) || strlen($_POST['username']) < 3){
        $_SESSION['error']['username']='You must fill in your username';
        $continue=false;
    }
    /*or if you use email as username
    if(empty($_POST['username']) || filter_var($_POST['username'], FILTER_VALIDATE_URL)==false){
        $_SESSION['error']['username']='You must fill in your username';
        $continue=false;
    }*/

    if(empty($_POST['password'])){
        $_SESSION['error']['password']='You must fill in your password';
        $continue=false;
    }
}else{
    $_SESSION['error']['nopost']='You must fill out the form';
    $continue=false;
}

if($continue===false){
    header('location: ./login.php');
    die();
}
  //do all the connect stuff...
  $username = mysql_real_escape_string($_POST['username']);
  $password = mysql_real_escape_string($_POST['password']);
  $sql = "SELECT * FROM members WHERE username='$username' && password='$password' LIMIT 1";

  if (mysql_num_rows(mysql_query($sql)==1)) {
    //log them in
    $_SESSION['loggedin']=true;
    header('location: ./members.php'); 
    //or whatever
    /*
    members.php would have a check for `$_SESSION['loggedin']==true` at the top
    else redirect them to login.php with another header()
    */
}else{
    $_SESSION['error']['username']='Wrong username or password';
    $_SESSION['loggedin']=false;
    header('location: ./index.php');
}
die();

?>

You could do something like this:

if(isset($_POST['button_name'])) {
    if(isset($_POST['username']) && $_POST['username'] != "") {
        if(isset($_POST['password']) && $_POST['password'] != "") {
            //Your code here
        } else {
            echo "You need to enter your password.";
        }
    } else {
        echo "You need to enter your username.";
    }
}

You need to add the name of the button that submits the form and the name of the username and password fields. The echo is just a suggestion, you can always do something else aswell.

Check if the visitor has pressed the submit botton prior to any database query:

login.php

<?php 

if (!isset($_POST['Submit'])) {
  // No input, redirect to login.php with error code 1
  header("Location: index.php?error=1");
}      
else{
  // There is inout
  $username = $_POST['username'];
  $password = $_POST['password'];
  // Account for typecase here if necessary
  $sql = "SELECT * FROM members WHERE username = '$username' AND password = '$password'";

  if (mysql_num_rows(mysql_query($sql))) {
    // User is authenticated, redirect to private page
    header("Location: private.php");
  }
  else {
    // Wrong input, redirect to login.php with error code 2
    header("Location: index.php?error=2");
  }
}
?>

index.php

<?php
$errors[1] = 'Please type your usename and password';
$errors[2] = 'please verify your username and password';
?>

<form method="post" action="login.php">
  <p>
  <?php 
    if(isset($_GET['error']) && isset($errors[$_GET['error']])) 
      echo $errors[$_GET['error']], '</br>';
  ?>
  Username: <input type="text" name="username" /><br />
  Password: <input type="password" name="username" /><br />
  <input type="submit" name="submit" value="Let me in"/>
  </p>
</form>

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9