1. 首頁
  2. 問答
  3. 登錄頁面錯誤

登錄頁面錯誤

2017-05-16 150 views
1

這是我的登錄頁面。我可以登錄時,我把相關的用戶名和密碼,並不能登錄,如果他們不匹配。但事情是我仍然有登錄權限,當我不輸入任何用戶名,密碼並單擊登錄按鈕。登錄頁面錯誤

這是索引頁

<html> 
<head> 
<title>Login</title> 
<link rel="stylesheet" type="text/css" href="login.css"> 
</head> 

<body> 
<div class="login-page"> 
    <form method="post" class="form" action="login.php"> 

     <input type="text" id="user" name="user" placeholder="username"/> 
     <input type="password" id="pass" name="pass" placeholder="password"/> 
     <button type="submit" name="submit" id="btn">login</button> 

    </form> 
</div> 
</body> 
</html>

這是login.php中

<?php 

    //get values passe from form in login.php file 
    $username = $_POST['user']; 
    $password = $_POST['pass']; 

    //to prevent sql injection 
    $username = stripslashes($username); 
    $password = stripslashes($password); 
    $username = mysql_real_escape_string($username); 
    $password = mysql_real_escape_string($password); 

    //connect to the server and select database 
    mysql_connect("localhost","root",""); 
    mysql_select_db('laboursalary'); 

    //query the database for user 
    $result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'") 
       or die("Failed to query database" .mysql_error()); 
    $row = mysql_fetch_array($result); 
    if ($row['username']==$username && $row['password']==$password) { 
     header("Location: ../projectdetails/index.php"); 

    } elseif ($row['username']=="" && $row['password']==""){ 
     echo "Failed to login"; 
    } else { 
     echo "Failed to login"; 
    } 


?>

來源

2017-05-16 Lisa234

+0

警告mysql_query,mysql_fetch_array,mysql_connect等..擴展名在PHP 5.5.0中被棄用,並且在PHP 7.0.0中被刪除。相反,應該使用MySQLi或PDO_MySQL擴展。 – Melchizedek

回答

3 
<?php 
if(isset($_POST['submit'])) 
{ 
    //get values passe from form in login.php file 
    $username = mysql_real_escape_string($_POST['user']); 
    $password = mysql_real_escape_string($_POST['pass']); 


    //connect to the server and select database 
    mysql_connect("localhost","root",""); 
    mysql_select_db('laboursalary'); 

    //query the database for user 
    $result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'"); 
    $row = mysql_num_rows($result);   
    if($row == 1) 
    { 
     header("Location: ../projectdetails/index.php"); 

    } else { 
     echo "Failed to login"; 
    } 
} 

?>

來源

2017-05-16 04:57:45

+0

非常感謝。它工作正常:) – Lisa234

+0

歡迎@ Lisa234 –

2

這意味着您在使用用戶名和密碼爲空一行。刪除表中的這些行並更新下面的代碼。

if ($username != "" && $password !=""){ 
//query the database for user 
    $result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'") 
       or die("Failed to query database" .mysql_error()); 
    $row = mysql_fetch_array($result); 
    if ($row['username']==$username && $row['password']==$password) { 
     header("Location: ../projectdetails/index.php"); 

    } else { 
     echo "Failed to login"; 
    } 
} else 
     echo "Failed to login"; 
    }

注:也改變你的mysql連接的mysqli或PDO。因爲它在最新的PHP版本中已被棄用。

來源

2017-05-16 03:25:09 Naga

相關問題

 相關問題