我目前有一个简单的登录表单,该表单使用“访问码”来访问我的网站的一部分,并使用“ admin”和“ password”来进入管理部分。这里没有存储个人数据,因此安全性不是最重要的。
登录正常,我可以访问该站点。
[当有人登录时,它会转到一个“加载页面”,该页面通过php向我发送了一封电子邮件,表明它已被打开。
我想做的是将2个表单字段添加到数据库中不存在的登录表单中,但是通过php电子邮件发送输入到字段中的数据。
我要添加的字段是名字和姓氏。访问代码和密码字段正常工作。整个登录过程都有效,但是我不知道如何将表单数据从名字和姓氏传递到电子邮件部分。
表格代码
<!-- start login form -->
<div class="contact-form">
<?php if(isset($error)){ echo $error; }?>
<form method="POST" action="" role="form">
<div class="form-group has-feedback">
<label for="name">Access Code*</label>
<input type="text" class="form-control" name="accesscode" placeholder="">
<i class="fa fa-user form-control-feedback"></i>
</div>
<div class="form-group has-feedback">
<label for="name">First Name*</label>
<input type="text" class="form-control" name="firstname" placeholder="">
<i class="fa fa-user form-control-feedback"></i>
</div>
<div class="form-group has-feedback">
<label for="name">Last Name*</label>
<input type="text" class="form-control" name="lastname" placeholder="">
<i class="fa fa-user form-control-feedback"></i>
</div>
<div class="form-group has-feedback">
<label for="name">Password (if applicable)</label>
<input type="password" class="form-control" name="password" placeholder="">
<i class="fa fa-key form-control-feedback"></i>
</div>
<input type="submit" name="login" value="Login" class="btn btn-default"/></td>
</form>
</div>
<!-- end login form -->
响应表单的PHP代码-这是我到目前为止尝试过的
<?php
session_start();
require_once("config.php");
//Getting Input value
//process first form
if(isset($_POST['login'])){
$accesscode=mysqli_real_escape_string($conn,$_POST['accesscode']);
$password=mysqli_real_escape_string($conn,$_POST['password']);
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
if(empty($accesscode)){
$error= 'Fields are Mandatory';
}else{
//Checking Login Detail
$result=mysqli_query($conn,"SELECT*FROM patientres WHERE accesscode='$accesscode' AND password='$password'");
$row=mysqli_fetch_assoc($result);
$count=mysqli_num_rows($result);
if($count==1){
$_SESSION['patientres']=array(
'accesscode'=>$row['accesscode'],
'password'=>$row['password'],
'role'=>$row['role'],
'libname'=>$row['libname'],
'url'=>$row['url']
);
$url=$_SESSION['patientres']['url'];
$firstname=$_SESSION['patientres']['firstname'];
$lastname=$_SESSION['patientres']['lastname'];
//Redirecting User Based on Role
header("Location: " . $row['url']);
}
else{
$error='<div class="alert alert-danger fade in" role="alert"><button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button><strong>Invalid Access Code</strong><br><br>Check your code and try again.<br>If your code is correct and does not work, please <a href="******" class="alert-link">contact us.</a> </div>';
}
}
}
?>
这是我尝试将其转换为准备好的语句的更新后的php代码,但是它会加载登录页面,但是在提交时,我只会得到一个白屏。我觉得标题重定向不起作用。
<?php
session_start();
require_once("config.php");
//Getting Input value
//process first form
//if(isset($_POST['login'])){
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$accesscode=mysqli_real_escape_string($conn,$_POST['accesscode']);
$password=mysqli_real_escape_string($conn,$_POST['password']);
if(empty($accesscode))
{
$error= 'Fields are Mandatory';
}else
{
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
$stmt = $mysqli->prepare("SELECT * FROM patientres WHERE accesscode = ? AND password =?");
$stmt -> bind_param("ss", $_POST['accesscode'], $_POST['password']);
$stmt -> execute();
$result = $stmt -> get_result();
if($result->num_rows === 0) exit('No rows');
while($row = $result->fetch_assoc())
{
$_SESSION['patientres']=array(
'accesscode'=>$row['accesscode'],
'password'=>$row['password'],
'role'=>$row['role'],
'libname'=>$row['libname'],
'url'=>$row['url']
);
//$url=$_SESSION['patientres']['url'];
//Redirecting User Based on Role
header("Location: " . $row['url']);
}
$stmt->close();
}
}
?>
然后转到另一个处理此脚本的页面
<?php
session_start();
//Checking User Logged or Not
if(empty($_SESSION['patientres'])){
header('index.php');
}
?>
<?php
$ip = $_SERVER["REMOTE_ADDR"];
$ipdat = @json_decode(file_get_contents(
"http://www.geoplugin.net/json.gp?ip=" . $ip));
$to = '[email protected]';
$subject = 'Patient Resource Access by: ' . $_SESSION['patientres']['accesscode'];
$message = "Resource Access by: " . $_SESSION['patientres']['accesscode'] . "\n\nUser: " . $_SESSION['patientres']['firstname'] ."\n\nAt: " . date('d/m/Y, H:i:s')."\n\nCountry: " . $ipdat->geoplugin_countryName . "\nCity: ". $ipdat->geoplugin_city . "\nLatitude: ". $ipdat->geoplugin_latitude . "\nLongitude: ". $ipdat->geoplugin_longitude . "\nTimezone: ". $ipdat->geoplugin_timezone;
$message = "Message sent from IP: $ip\n\n" .$message;
//$message. = date('m/d/Y, H:i:s');
$headers = 'From: Some Resources' . "\r\n" .
//'Reply-To: [email protected]' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
//redirect
header( "refresh:4;url=../functional.php" );?>
因此,我唯一不知道如何做的是将表单中的名字和姓氏信息传递到在电子邮件中发送的名字和姓氏信息,但否则不使用。
谢谢
我设法弄清楚我最初提出的问题是怎么做的
我将此添加到了我的php登录脚本的初始部分
//if(isset($_POST['login'])){
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$firstname=$_POST['firstname']; <---- this line here
$lastname=$_POST['lastname']; <--- this line here
$accesscode=mysqli_real_escape_string($conn,$_POST['accesscode']);
$password=mysqli_real_escape_string($conn,$_POST['password']);
.....
if($count==1)
{
$_SESSION['patientres']=array(
'accesscode'=>$row['accesscode'],
'password'=>$row['password'],
'role'=>$row['role'],
'libname'=>$row['libname'],
'url'=>$row['url']
);
$url=$_SESSION['patientres']['url'];
$_SESSION['firstname'] = $_POST['firstname']; <-- this line here
$_SESSION['lastname'] = $_POST['lastname']; <-- this line here
//Redirecting User Based on Role
header("Location: " . $row['url']);
然后我在电子邮件代码中添加了以下内容
$message = "Resource Access by: " . $_SESSION['patientres']['accesscode'] . "\n\nUser: " . $_SESSION['firstname'] ." ". $_SESSION['lastname'] ."\n\nAt:
感谢大家的帮助。我仍然很笨拙,试图在准备好的语句中获取所有内容。