1. 首頁
  2. 問答
  3. 用戶名檢查和密碼檢查驗證

用戶名檢查和密碼檢查驗證

2017-07-28 130 views
-3

直升機,我犯了一個登錄的話,我想,如果用戶名錯誤,密碼正確則顯示警告,如果用戶名是錯誤的,如果用戶名正確和密碼錯誤則顯示警告,如果密碼是錯誤的,如果用戶名和密碼進行匹配,然後重定向到index.php用戶名檢查和密碼檢查驗證

這是我的腳本

<?php 
    if(isset($_GET['log'])){ 
    session_start(); 
    session_destroy(); 
    } 
    $conn = mysqli_connect("localhost","root","","mydb"); 
    $username = isset($_POST["username"]) ? $_POST["username"] : ''; 
    $password = isset($_POST["password"]) ? $_POST["password"] : ''; 
    $password = md5($password); 



    if($username!='' and $password!=''){ 

    $sql = mysqli_query($conn, "SELECT * from user WHERE username = '$username' AND password = '$password' limit 1"); 
    $data = mysqli_fetch_assoc($sql); 

    if($data){ 
     session_start(); 
     $_SESSION['username']  = $data['username']; 
     $_SESSION['password']  = $data['password']; 
    } 

    if(isset($_SESSION["username"])){ 
     header('Location: index.php'); 
    } 

    else { 
     echo "<script type='text/javascript'> 
     alert('wrong username and password..!!!'); 
     </script>"; 
    } 
    } 

?> 
<body class="" style="background: #fff"> 
<br><br><br> <br><br><br>  
    <center></center><br>  
    <div class="form-box" id="login-box" style="width: 430px;margin-top: -0px;border-radius: 0"> 
     <div class="header" style="background: #2880d7;border-radius: 0">KOPKAR Manunggal Perkasa</div> 
     <form action="#" method="post"> 
      <div class="body bg-gray"> 
       <div class="form-group"> 
        <input type="text" name="username" class="form-control" placeholder="Username"/> 
       </div> 
       <div class="form-group"> 
        <input type="password" name="password" class="form-control" placeholder="Password"/> 
       </div> 
      </div> 
      <div class="footer text-center" style="background: #dbdbe0;border-radius: 0"> 
       <button type="submit" name="login" class="btn btn-lg" style="background: #2880d7;color: white;width: 30%">Login</button> 


      </div> 
     </form> 

    </div> 

</body>

謝謝

來源

2017-07-28 Nishikino Maki

+0

現在你得到任何錯誤? –

+1

你不打算和這個一起生活,是嗎? –

+0

我不明白的錯誤,但我想腳本來檢查,如果用戶名錯誤,密碼正確則顯示警告,如果用戶名是錯誤的,如果用戶名正確和密碼錯誤則顯示警告,如果密碼是錯誤的,如果用戶名和密碼進行匹配,然後重定向到index.php –

回答

0 
<?php 

if (isset($_GET['log'])) { 
    session_start(); 
    session_destroy(); 
} 
$conn = mysqli_connect("localhost", "root", "", "mydb"); 
$username = isset($_POST["username"]) ? $_POST["username"] : ''; 
$password = isset($_POST["password"]) ? $_POST["password"] : ''; 
$password = md5($password); 
$msg = ""; 
$status = 0; 

if ($username != '' and $password != '') { 

    $sql = mysqli_query($conn, "SELECT * from user WHERE username = '$username' OR password = '$password' limit 1"); 
    $data = mysqli_fetch_assoc($sql); 

    if ($data) { 
     $status = 1; 
     session_start(); 
     if ($data['username'] == $username && $data['password'] == $password) { 
      $_SESSION['username'] = $data['username']; 
      $_SESSION['password'] = $data['password']; 
     } else if ($data['username'] != $username) { 
      $status = 0; 
      $msg = "username is wrong"; 
     } else if ($data['password'] != $password) { 
      $status = 0; 
      $msg = " password is wrong"; 
     } 
    } else { 
     $status = 0; 
     $msg = "username and password is wrong"; 
    } 
    $alert = "<script type='text/javascript'> 
     alert('" . $msg . "'); 
     </script>"; 
    if (!$status) { 
     echo $alert; 
    } 
    if (isset($_SESSION["username"])) { 
     header('Location: index.php'); 
    } 
} 
?>

來源

2017-07-28 10:17:44

+0

我在這裏得到了錯誤: 如果(狀態!){ 回聲$警報; } 聲明:中未定義的常量狀態使用 - 在d假設 '狀態':\ RIFQI_FILE \ XAMPP \ htdocs中\第44行最後\ login.php中 –

+0

更新的代碼$錯過。 –

+0

的代碼是有效的,但是當只有用戶名或密碼錯誤時,警告仍然是用戶名和密碼是錯誤的, –

0

(EDI TED) MD5密碼爲空的產生這樣的:

d41d8cd98f00b204e9800998ecf8427e

我修改代碼:

<?php 

if(isset($_GET['log'])) 
{ 
    session_start(); 
    session_destroy(); 
} 
$conn = mysqli_connect("localhost","root","","mydb"); 
$username = isset($_POST["username"]) ? $_POST["username"] : ''; 
$password = isset($_POST["password"]) ? $_POST["password"] : ''; 
// Control attempt variable 
$attempt = FALSE; 

if($username != '' && $password != '') 
{ 
    // ESCAPE!!! SQL INYECTION 
    $query = sprintf(
     "SELECT * FROM user WHERE username = '%s' AND password = '%s' LIMIT 1;", 
     mysqli_real_escape_string($username), 
     md5($password) 
    ); 
    $result = mysqli_query($conn, $query); 

    if($result) 
    { 
     $data = mysqli_fetch_assoc($result); 
     // 
     session_start(); 
     // 
     $_SESSION['username'] = $data['username']; 
     $_SESSION['password'] = $data['password']; 

     header('Location: index.php'); 
    } 
    $attempt = TRUE; 
} 
?> 
<html> 
<thead></thead> 
<body class="" style="background: #fff"> 
    <br><br><br> <br><br><br>  
    <center></center><br>  
    <div class="form-box" id="login-box" style="width: 430px;margin-top: -0px;border-radius: 0"> 
     <div class="header" style="background: #2880d7;border-radius: 0">KOPKAR Manunggal Perkasa</div> 
     <form action="#" method="post"> 
      <div class="body bg-gray"> 
       <div class="form-group"> 
        <input type="text" name="username" class="form-control" placeholder="Username"/> 
       </div> 
       <div class="form-group"> 
        <input type="password" name="password" class="form-control" placeholder="Password"/> 
       </div> 
      </div> 
      <div class="footer text-center" style="background: #dbdbe0;border-radius: 0"> 
       <button type="submit" name="login" class="btn btn-lg" style="background: #2880d7;color: white;width: 30%">Login</button> 
      </div> 
     </form> 

    </div> 
    <?php if($attempt): ?> 
    <script type="text/javascript"> 
     alert('wrong username and password..!!!'); 
    </script> 
    <?php endif; ?> 
</body> 
</html>

我建議大家不要使用MD5

來源

2017-07-28 10:28:01 MikeSouto

+0

不要使用'mysql_real_escape_string()'當有[完全足夠準備的語句(http://php.net/manual/en/mysqli.prepare.php)提供了'mysqli'庫。特別是在密碼上運行時,實際上會改變'md5()'產生的散列。 – Phylogenesis

+0

¿你看準備好了嗎?我應該在查詢中應用這個函數。 – MikeSouto

相關問題

 相關問題