为什么即使在第一次加载页面时出现“错误的用户名/密码”警报?
问题描述:
I have a login form and when I get to the page, it gives me automatically the alert message. I havn't put the username and password info yet.
Here is the page that does the verification of the login form input, Please see why it is behaving like that?
<?
session_start();
include "config.php";
if(isset($_SESSION["login_user"]) AND isset($_SESSION['pass_user'])){
$login_user = $_SESSION["login_user"];
$pass_user = $_SESSION["pass_user"];
$sql = mysql_query("SELECT * FROM adm WHERE login = '$login_user'");
$cont = mysql_num_rows($sql);
while($linha = mysql_fetch_array($sql)){
$pass_db = $linha['pass'];
}
if($cont == 0){
unset($_SESSION["login_user"]);
unset($_SESSION["pass_user"]);
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"Name of user dont match.\");
</script>";
}
if($pass_db != $pass_user){//check pass
unset($_SESSION["login_user"]);
unset($_SESSION["pass_user"]);
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"Password dont match.\");
</script>";
}
}else{
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"User and password dont match.\");
</script>";
}
?>
答
I guess you have just misplaced an else:
<?
session_start();
include "config.php";
if(isset($_SESSION["login_user"]) AND isset($_SESSION['pass_user'])){
$login_user = $_SESSION["login_user"];
$pass_user = $_SESSION["pass_user"];
$sql = mysql_query("SELECT * FROM adm WHERE login = '$login_user'");
$cont = mysql_num_rows($sql);
while($linha = mysql_fetch_array($sql)){
$pass_db = $linha['pass'];
}
if($cont == 0){
unset($_SESSION["login_user"]);
unset($_SESSION["pass_user"]);
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"Name of user dont match.\");
</script>";
}
if($pass_db != $pass_user){//check pass
unset($_SESSION["login_user"]);
unset($_SESSION["pass_user"]);
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"Password dont match.\");
</script>";
}else{
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"User and password dont match.\");
</script>";
}
}
?>
However, As mentioned by @David, you should not specify that only password is wrong.
答
please remove else statement from your code.Now use it.
<?php
session_start();
include "config.php";
if(isset($_SESSION["login_user"]) AND isset($_SESSION['pass_user'])){
$login_user = $_SESSION["login_user"];
$pass_user = $_SESSION["pass_user"];
$sql = mysql_query("SELECT * FROM adm WHERE login = '$login_user'");
$cont = mysql_num_rows($sql);
while($linha = mysql_fetch_array($sql)){
$pass_db = $linha['pass'];
}
if($cont == 0){
unset($_SESSION["login_user"]);
unset($_SESSION["pass_user"]);
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"Name of user dont match.\");
</script>";
}
if($pass_db != $pass_user){//check pass
unset($_SESSION["login_user"]);
unset($_SESSION["pass_user"]);
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"Password dont match.\");
</script>";
}
}
?>
答
That is because the following if statement returns false:
if (isset($_SESSION["login_user"]) AND isset($_SESSION['pass_user']))
When that happens the following code will be executed:
} else {
echo "
<META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
<script type=\"text/javascript\">
alert(\"User and password dont match.\");
</script>";
}