我正在尝试制作一个简单的登录页面,如果用户名和密码都等于“ admin”,那么我想重定向到另一个名为“ admin_page.php”的页面。我有以下代码,但由于某种原因,无论我在用户名和密码字段上输入的内容如何,即使有空,登录也可以使用。谁能告诉我为什么会这样吗?这是我的代码:
<body>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$user = $_POST['username'];
$pass = $_POST['psw'];
if (($user === "admin") && ($pass ==="admin")) {
header("Location: admin_page.php");
} else {
echo("error ! please enter correct data");
}
echo $user;
}
?>
<div class="bg">
<div class="a">
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" enctype='multipart/form-data'>
{{ csrf_field() }}
<input type="text" placeholder="Username" name="username">
<input type="Password" placeholder="Password" name="psw">
<button type="submit" name="submit">Login</button>
</form>
</div>
</div>
</body>
web.php
Route::get('/', function () {
return view('home');
});
Route::post('/', function () {
return view('admin');
});
Route::post('/', function () {
return view('admin_page');
});
// Route::get('/', function () {
// return view('welcome');
// });
Route::view('/home', "home"); // for controller
// Route::view('/welcome', "welcome"); // for controller
Route::view('/admin', "admin"); // for controller
Route::view('/admin_page', "admin_page"); // for controller
index.php
<?php
/**
* Laravel - A PHP Framework For Web Artisans
*
* @package Laravel
* @author Taylor Otwell <[email protected]>
*/
define('LARAVEL_START', microtime(true));
/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| our application. We just need to utilize it! We'll simply require it
| into the script here so that we don't have to worry about manual
| loading any of our classes later on. It feels great to relax.
|
*/
require __DIR__.'/../vendor/autoload.php';
/*
|--------------------------------------------------------------------------
| Turn On The Lights
|--------------------------------------------------------------------------
|
| We need to illuminate PHP development, so let us turn on the lights.
| This bootstraps the framework and gets it ready for use, then it
| will load up this application so that we can run it and send
| the responses back to the browser and delight our users.
|
*/
$app = require_once __DIR__.'/../bootstrap/app.php';
/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request
| through the kernel, and send the associated response back to
| the client's browser allowing them to enjoy the creative
| and wonderful application we have prepared for them.
|
*/
$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);
$response = $kernel->handle(
$request = Illuminate\Http\Request::capture()
);
$response->send();
$kernel->terminate($request, $response);
问题是您正在检查请求参数。
您的视图
<body>
<div class="bg">
<div class="a">
<form method="post" action="/" enctype='multipart/form-data'>
{{ csrf_field() }}
<input type="text" placeholder="Username" name="username">
<input type="Password" placeholder="Password" name="psw">
<button type="submit" name="submit">Login</button>
</form>
</div>
</div>
</body>
您的路线
Route::post('/', function (Request $request) {
if($request->has('username') && $request->has('psw'){
return redirect('/admin_page');
}
return view('admin');
});
但是这不是解决问题的方法,这只是解决了您当前的问题。我建议您考虑使用laravel的内置身份验证。