点击提交后如何阻止“if(isset($_POST['form-submit']))”重定向?

【问题标题】:How to stop "if(isset($_POST['form-submit']))" from redirecting after clicking Submit?点击提交后如何阻止“if(isset($_POST['form-submit']))”重定向?
【发布时间】:2017-04-01 11:24:17
【问题描述】:

这些天我对密码恢复程序有一个严重的问题。当我在reset.php?recoverykey=6602f445b4736ef3363a31e05750022d 上编写if(isset($_POST['pass-submit'])) 时。当有人点击表单的提交按钮时,它应该留在同一页面进行处理,即在reset.php?recoverykey=6602f445b4736ef3363a31e05750022d。但相反,它将我们带到reset.php,因为变量recoverykey 是空的,所以没有代码可以工作。即使在使用header("Location: reset.php?recoverykey=$recovery_code"); 之后,也没有任何效果。 我希望它在单击提交按钮后保持原样,以便 PHP 可以根据程序检查密码和确认密码字段是否相同或不正确。

这是我在reset.php 中的所有代码:

<?php
    ob_start();
    session_start();
?>
<!DOCTYPE html>
            <head>
                <meta name="robots" content="noindex" />
                <link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
                <title>Reset Password</title>
            </head>
<?php
    include('db-config.php');
    function show_change_pass_form(){
        ?>
                <form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
                    <h3>Change your Password</h3>
                    <label><span class="text-danger"><?php echo $passError ?></span><input type="password" placeholder="New Password" name="new-pass" required /></label>
                    <label><span class="text-danger"><?php echo $Con_passError; ?></span><input type="password" placeholder="Confirm Password" name="confirm-new-pass" required /></label>
                    <input type="submit" value="Change Password" name="pass-submit" />
                </form>
        <?php
    }
    $recovery_code = $_GET['recoverykey'];
    if(empty($recovery_code)){
        echo 'Looks like you landed elsewhere.';
    }
    $sql = "SELECT * FROM RegisteredMembers WHERE RecoveryCode='$recovery_code'";
    $result = mysql_query($sql);
    if($result){
        $count = mysql_num_rows($result);
        if($count==1){

            if( isset($_POST['pass-submit']) ){

               header("Location: reset.php?recoverykey=$recovery_code");

                $pass = $_POST['new-pass'];
                $Con_pass = $_POST['confirm-new-pass'];

                    // Confirmation
                        if($pass==$Con_pass){
                            $sql1 = "UPDATE RegisteredMembers SET password = '$pass' WHERE RecoveryCode = '$recovery_code'";
                            $output = mysql_query($sql1);
                            echo $output;
                            $error = false;
                            $passError = "Password successfully changed. Feel free to Log In.";
                        } else if(!($pass==$Con_pass)){
                            $error = true;
                            $Con_passError = "The Password isn't matching. Be sure you remember the New Password.";
                        } else if(empty($pass)){
                            $error = true;
                            $passError = "Please do not keep the password empty.";
                        } else if(empty($Con_pass)){
                            $error = true;
                            $Con_passError = "Please do not keep this field empty.";
                        }
            }
            show_change_pass_form();

        } else if($count==0) {
            echo "No such recovery code, please don't try Spamming around!";
        }
    }
?>
<?php ob_end_flush(); ?>

这是我在forget.php 中的代码(我添加了它,虽然它不是很有必要):

<?php

    ob_start();
    session_start();
    include('db-config.php');

    if(isset($_POST['forgot-submit'])){
        $recovery_user = $_POST['forgot-email'];
        $query = "SELECT * FROM RegisteredMembers WHERE userEmail='$recovery_user'";
        $output = mysql_query($query);
        $count = mysql_num_rows($output);
        $row = mysql_fetch_array($output);
        if($count==1){
            $error = false;

            // Mail the Recovery link
            $recovery_code = md5(uniqid(rand()));
            $mTo = $recovery_user;
            $mFrom = 'From: '.$website_details['name'].' Team '.'<'.$website_details['email'].'>';
            $mSubject = $website_details['name']." Account recovery Mail";
                // Message
                $mMsg[0] = "Hi ".$row['fname'].", \r\n";
                $mMsg[1] = "This is the password recovery email which you have requested just few minutes before. <b>(If you havn't requested, you may kindly ingnore this Email)</b>";
                $mMsg[2] = "Here's your <a href='$web_path/reset.php?recoverykey=$recovery_code'>Password Recovery Link</a>. Clicking it would allow you to change your existing password into a new one.";
                $mFinMsg = $mMsg[0].$mMsg[1].$mMsg[2];
            $sendRecMail = mail( $mTo , $mSubject , $mFinMsg , $mFrom );

            // Add recovery code to Database
            $mysql = "UPDATE RegisteredMembers SET RecoveryCode='$recovery_code' WHERE userEmail='$recovery_user'";
            $result = mysql_query($mysql);
            if($result){
                $error = false;
                $forgotEmailMsg = "Thanks, Check your Email for recovering your password.";
            } else{
                echo "Looks like there's a Disturbance and Load on server. Try again later.";
            }
        } else if(strlen($recovery_user)==0){
            $error = true;
            $forgotEmailMsg = "Please do not leave this field empty.";
        } else{
            $error = true;
            $forgotEmailMsg = "No such Email found in Database.";
        }
    }

?>
<!DOCTYPE html>
<html>
    <head>
        <meta name="robots" content="noindex" />
        <link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
        <title>Password Recovery</title>
    </head>
    <body>
        <form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
            <h3>Password Recovery</h3>
            <label><span class="text-danger"><?php echo $forgotEmailMsg; ?></span><input type="email" placeholder="Your registered Email" name="forgot-email" required /></label>
            <input type="submit" value="Next" name="forgot-submit" />
        </form>
    </body>
</html>
<?php ob_end_flush(); ?>

Forget.php 没问题,但也许你可以从中参考一些东西。

【问题讨论】:

标签: php html forms session if-statement


【解决方案1】:

好吧,我认为您不需要使用标头功能重定向用户。在reset.php中,在表单动作中,你应该替换:

<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>

与:

<?php echo $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']; ?>

PHP_SELF 只返回脚本名称,不返回查询字符串,所以你的页面在 url 中不会有 recoverykey 字段。

您不应该使用 mysql_* 函数,因为 php-mysql 扩展已被弃用,并且已从 Php 7 中删除

在reset.php中也不需要ob_start()、ob_end_flush()和session_start()

【讨论】:

  • PHP_SELF only returns the script name 错误,PHP_SELF 返回正在运行的任何文件的 URL 给定标识符,因此不安全并且可能被最终用户滥用。 PHP_SELF不应该使用,还有其他更好的$_SERVER值如$_SERVER['SCRIPT_FILENAME']等。改用它们。
【解决方案2】: 
   if(isset($_POST['submit'])){
        header("Location:https://www.example.com/subname/");
        exit; // Exit should always be called after a redirection to 
              // cease further PHP code execution.
    }

提交后使用此代码进行重定向。

【讨论】:

  • 这不起作用。我不希望它重定向。我希望它自己呆在那里。
  • 他们想用ajax。
猜你喜欢
  • 1970-01-01
  • 2017-10-22
  • 1970-01-01
  • 2014-07-04
  • 2015-03-05
  • 1970-01-01
  • 2016-04-14
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode