2011-12-13 260 views
0

我有這個登錄腳本,但由於某種原因,它不工作。我檢查了數據庫,表單,並以5種不同的方式重新編寫了腳本;然而,他們都有同樣的問題,它不會啓動會話。下面是代碼:PHP - 登錄腳本

<?php 
session_start(); 

//connect and select DB 
mysql_connect ("localhost", "root", "") or die ('Error: ' . mysql_error()); 
mysql_select_db('usr_info')or die ("cannot select DB :("); 

//transfer values sent from form 
$usrname = $_POST['usrname']; 
$passwrd = $_POST['passwrd']; 

//injection protection 
$usrname = stripslashes($usrname); 
$passwrd = stripslashes($passwrd); 
$usrname = mysql_real_escape_string($usrname); 
$passwrd = mysql_real_escape_string($passwrd); 

$sql = "SELECT * FROM usrs 
     WHERE usremail='$usrname' 
     and passwrd='".md5($_POST['passwrd'])."'"; 
$result = mysql_query($sql); 

//count the number of rows found with the given info 
$count = mysql_num_rows($result); 

//the matched result must be equal to 1 
if ($count == 1) { 
    $_SESSION['u_name'] = $usrname; 
    header("Location: ../../landing.php"); 
    exit(); 
} 
else { 
    echo "Wrong Username or Password"; 
} 

這是用形式IM:

<div id="login-signup" class="letters2"><a href="javascript:blankfunction()">Login | Signup</a></div> 
<div id="point-1" class="point-1"><img src="site-wide/point-1.png" width="405" height="131" /> 
    <div id="login-form"> 
    <form id="login" method="POST" action="site-wide/effects/login.php"> 
    <label for="username"></label> 
    <input type="text" name="usrname" id="usrname" value="email" onfocus="clearMe(this);" onblur="unClearMe(this);"/> 
    <label for="passwrd"></label> 
    <input type="password" name="passwrd" id="passwrd" value="password" onfocus="clearMe(this);" onblur="unClearMe(this);"/> 
    <input type="image" src="site-wide/submit.png" name="submit" id="submit" value="login"/> 
    </form> 

這是的USR表在我的數據庫:

的USR

Field Type   Null Default Comments 
ID   int(4)  No 
usrfname  varchar(15) No  
usrlname  varchar(15) No   
usremail  varchar(45) No 
passwrd  varchar(8) No 
usrage  int(3)  No 
usrgender varchar(7) No 

我找到了回答xD ..問題是數據庫。密碼字段只有8個字符,而真正的md5密碼超過了15個。所以我所做的只是增加字段可處理的字符數和中提琴!

+0

剛剛意識到它實際上跳過了整個'if'語句。 – GeneralCan

+0

我告訴過你在這段代碼中沒有好處,lol :) –

回答

-1

在我的最後工作很好,只是添加了jogesh_p建議的內容。

請檢查會話是否已經開始,然後繼續執行腳本的其餘部分。它可能會拋出任何錯誤?像這樣設置error_reporting:

<?php 
error_reporting(E_ALL); 
if (!session_start()) { 
    die("The session hasn't been started!"); 
} 

這樣你就可以在繼續之前檢查是否有錯誤。

+0

只是檢查了它,會話確實啓動 – GeneralCan

+0

但會跳過if語句。我是否正確輸入了sql查詢? – GeneralCan

+0

你有沒有試過做一些調試?像'var_dump($ count);'或者檢查mysql_query是否返回任何錯誤(可能是'mysql_query($ sql)'或者'print(mysql_error())''也可以)。 –

0

我想你還必須檢查用戶名和密碼是否提交?

if(isset($_POST['submit_button_name'])){ 
    // then your code 
    // and if the both are submitted and 
    // match into the database then use session_start(); 
} 
+0

我剛加了'echo $ count'在腳本的末尾。和「$計數」返回0每次 – GeneralCan

+0

@ user1095145就意味着,從你的用戶試圖在你的數據庫登錄不退出.. –

+0

我在DB – GeneralCan

0

你或許應該使用相同的密碼變量名的位置:

$sql = "SELECT * FROM usrs WHERE usremail='$usrname' and passwrd='".md5($_POST['passwrd'])."'"; 

要:

$sql = "SELECT * FROM usrs WHERE usremail='$usrname' and passwrd='".md5($passwrd)."'"; 

你重定向?或者它說錯了用戶/密碼?如果你被重定向,那麼看起來證書已經通過並且用戶被認證了。你檢查了會議嗎?

+0

也請考慮使用PDO否則你的腳本是開放的SQL注入。 – Devraj

+0

任何意見將有所幫助。此腳本運行並且您嘗試登錄後會發生什麼?你有沒有看到任何錯誤?這只是會議嗎?具體問題是什麼? –

+0

運行腳本後,它只是給了我錯誤消息「錯誤的用戶名/通行證」,它永遠不會重定向 – GeneralCan

0

如果$ count爲0,那麼很有可能您輸入的憑據是錯誤的。 但只是試試這個。更改查詢到

SELECT * FROM usrs 
    WHERE usrs.usremail = '$usrname' 
    and usrs.passwrd = '".md5($passwrd)."' 
+0

是啊,謂沒有工作,要麼:( – GeneralCan

+0

也許不是'usrs.usremail =「$ usrname''但'usrs.usremail = '{$ usrname}'' – SSpoke

0

我寫一個PHP登錄腳本和共享上的一篇文章...這裏是代碼:

<?php 
 
include 'inc/config.php'; 
 
$err = "Enter Your Email and Password"; 
 

 
$email = filter_input(INPUT_POST,'email',FILTER_SANITIZE_EMAIL); 
 
$password = filter_input(INPUT_POST,'pwd',FILTER_SANITIZE_STRING); 
 

 
if(isset($email) && isset($password)){ //If Email and Password is Given then Continue 
 
$q = mysqli_query($con,"SELECT * FROM users WHERE email='$email'"); 
 
if(mysqli_num_rows($q)>0){ //Checking Email from the Database 
 
    $password = sha512($password); 
 
    $u = mysqli_query($con,"SELECT * FROM users WHERE email='$email' AND pwd='$password'"); 
 
    if(mysqli_num_rows($u)>0){ //Matching Email and Password from the Database 
 

 
    //Download the script to get the full code 
 

 
     $_SESSION['username'] = $data['username']; 
 
     $err = NULL; 
 
     $time = time()+(24*60*60); //Setting time for 24 hours 
 
     setcookie("mct_session",true,$time); //Setting Cookie 
 
    }else{ 
 
     $err = "Email and Password doesn't match"; 
 
    } 
 
}else{ 
 
    $err = "No User Account Found"; 
 
} 
 
} 
 
if(isset($err)){ 
 
    header("Location: index.php?err=".$err); //Login Failed 
 
}else{ 
 
    header("Location: dashboard.php"); //Login Success 
 
} 
 
?>

和形式我是使用是:

 <form class="login-form" action="login.php" method="POST"> 
 
     <div class="form-group"> 
 
      <label form="email">Email:</label> 
 
      <input type="email" name="email" placeholder="Email Address" class=form-control required/> 
 
     </div> 
 
     <div class="form-group"> 
 
      <label form="pwd">Password:</label> 
 
      <input type="password" placeholder="Password" name="pwd" class=form-control required/> 
 
     </div> 
 
     <div class="form-action"> 
 
      <div class="col-sm-12"><a href="#" onclick="toggleForm()" class="pull-left font-bree font-2x">Sign Up</a><input type="submit" class="submit_btn btn pull-right" value="Login"/></div> 
 
     </div> 
 
     </form> 
 
<!--Login Form Ends-->

檢查出來http://mycodingtricks.com/php/php-login-script-with-example/

0

此登錄是容易受到SQL注入,可以考慮使用PDO。