2017-02-10 87 views
0

如果用戶名或密碼不正確,我嘗試使用ajax顯示錯誤消息,如果它們正確,則轉到tabeeb.html或secc.php。但不是轉到正確的頁面,頁面會顯示在對話框中,如img。什麼是錯的?使用ajax和javascript登錄表格

這是形式

<form method="post" class="bounceInDown animated"> 
<input type="text" name="u" id="u" placeholder="User Name" class="bbb"><br> 
<input type="password" name="p" id="p" placeholder="Password" class="bbb">  
<input type="button" onClick="myFunction()" name="loginbtn" class=" btn 
btn-primary " value="Log in"> 
</form> 

這是myfunction的()函數

function myFunction(){ 

var u = document.getElementById("u").value; 
var p = document.getElementById("p").value; 
var dataString = 'u1=' + u + '&p1=' + p ; 

if (u == '' || p == '') { 
alert("Please Fill All Fieldsssssss");} 


else { 
// AJAX code to submit form. 
$.ajax({ 
type: "POST", 
url: "ajaxjss.php", 
data: dataString, 
cache: false, 
success: function(html) { 

alert(html); 
} 
}); 
} 
return false; 

,這是ajaxjss.php

<?php 
// Fetching Values From URL 
$u2 = $_POST['u1']; 
$p2 = $_POST['p1']; 

$connection = mysql_connect("localhost", "root", "password"); 
// Establishing Connection with Server.. 
$db = mysql_select_db("project", $connection); // Selecting Database 

if (isset($_POST['u1'])) { 


// من تحت هو التجربة 
$result = mysql_query("select * from test where student_name = '$u2' ") or 
die("faild"); 

$row = mysql_fetch_array($result); 


if($row['student_name'] == $u2 && $row['student_password']==$p2) 
{ $NoOFLetter = strlen($u2); 

$result = substr($u2, $NoOFLetter-3, $NoOFLetter); 
if($result == "doc"){header('Location: tabeeb.html'); exit; } 
if($result == "sec"){header('Location: secc.php'); exit;} 

exit; } 

else{ 
$error_message = "Error in username or password!";} 

// كل اللى فوق هو التجربة 

if(!$query){ 

echo "error"; 

}else{echo "Form Submitted succesfully";}} 
mysql_close($connection); // Connection Closed 
?> 
+0

اسمعني..هلتستخدم阿帕奇? –

+3

a)**不要**使用已棄用的'mysql'函數,這些函數在PHP7中也被刪除。改用'mysqli'或'PDO'。 b)你的代碼對於** SQL注入**廣泛開放 - 想象有人發佈像''這樣的用戶名; DROP TABLE測試; - 'c)是你的mysql_connect函數中的真實密碼?如果是:**立即更改**。 (另外:除了管理任務之外,你不應該使用root帳戶)d)**永遠不會使用**存儲純文本密碼!使用'password_hash()'和'password_verify()' –

+0

SQL注入...安全性的可靠性 –

回答

0

現在檢查它

function myFunction(){ 
 

 
var u = document.getElementById("u").value; 
 
var p = document.getElementById("p").value; 
 
var dataString = 'u1=' + u + '&p1=' + p ; 
 

 
if (u == '' || p == '') { 
 
alert("Please Fill All Fieldsssssss");} 
 

 

 
else { 
 
// AJAX code to submit form. 
 
$.ajax({ 
 
type: "POST", 
 
url: "ajaxjss.php", 
 
data: dataString, 
 
cache: false, 
 
success: function(html) { 
 
    if(html=="error"){ 
 
    alert(html); 
 
    } 
 
    else{ 
 
    window.location.href="secc.php"; 
 
    } 
 

 
} 
 
}); 
 
} 
 
return false;