我正在制作登录系统。一切正常,但是当我在登录中使用不在数据库中的电子邮件(用户名)时,它将转到带有文件名的URL,然后只是表单数据(电子邮件和密码)。我需要设置标题错误,所以我可以说登录失败了。有谁看到这个问题?
<?php
ob_start();
if (isset($_REQUEST['password'])) {
require 'connect.php';
$password = $_REQUEST['password'];
$mail = $_REQUEST['email'];
if (empty($mail) || empty($password)) {
header('location: ../login.php?error=empty');
exit();
} else {
$sql = "SELECT * FROM account WHERE email = ?;";
$stmt = mysqli_stmt_init($connect);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../login.php?error=sqlError");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $mail);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$passwordCheck = password_verify($password, $row['wachtwoord']);
if ($passwordCheck == false) {
header("Location: ../login.php?error=passwordWrong");
exit();
} elseif ($passwordCheck == true) {
session_start();
$_SESSION['userId'] = $row['account_id'];
$_SESSION['username'] = $row['gebruikersnaam'];
header("Location: ../index.php?login=succes");
exit();
}
} else {
header("Location login.php?error=noUser");
exit();
}
}
}
} else {
header("Location: ../login.php?error=");
exit();
}