1. 首頁
  2. 問答
  3. PHP登錄腳本只會登錄特定用戶?

PHP登錄腳本只會登錄特定用戶?

2013-06-05 212 views
0

我一直在使用這個登錄腳本很長一段時間,它的相當穩固,但它現在破碎,讓我瘋了。PHP登錄腳本只會登錄特定用戶?

基本上腳本只接受第一個MySQL行用戶登錄,登錄系統將工作,但只是爲第一個SQL行,它似乎忽略所有的行?

global_database.php

<?php 

$dbhost = 'localhost'; 
$dbuser = 'dealerpa_guest'; 
$dbpass = 'password_here'; 



function dbConnect($db='') { 
global $dbhost, $dbuser, $dbpass; 

$dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass) 
     or die('We are currently applying some major patches and fixes to our systems.  Please try again in 10 Minutes.'); 

if ($db!='' and [email protected]_select_db($db)) 
    die('We are currently applying some major patches and fixes to our systems. Please try again in 10 Minutes.'); 

return $dbcnx; 
} 


?>

global_restriction.php

<?php 

session_start(); 


include_once 'global_database.php'; 
include_once 'global_common.php'; 

$dealerUsername = isset($_POST['dealerUsername']) ? $_POST['dealerUsername'] :  $_SESSION['dealerUsername']; 
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd']; 


if(!isset($dealerUsername)) { 
?> 
<html> 
<body> 
    <form id="dealerLogin" name="dealerLogin" method="post" action=""> 
<input name="dealerUsername" type="text" id="dealerUsername" size="15" class="validate[required] text-input" /> 

    <input name="pwd" type="password" id="pwd" size="15" class="validate[required] text-input" /> 

<input name="submit" id="submit" type="submit" value="Login" class="save-button" /> 

</form> 

<?php 

exit; 
} 

$_SESSION['dealerUsername'] = $dealerUsername; 
$_SESSION['pwd'] = $pwd; 

dbConnect("dealerpa_account"); 
$sql = "SELECT * FROM dealerAccount WHERE dealerUsername = '$dealerUsername' AND dealerPassword = md5('$pwd')"; 

$result = mysql_query($sql); 
if (!$result) { 
error('A database error occurred while checking your '. 
    'login details.\\nIf this error persists, please '. 
    'contact us.'); 
} 

if (mysql_num_rows($result) == 0) { 
unset($_SESSION['dealerUsername']); 
unset($_SESSION['pwd']); 

?> 

<html> 
<body> 
<p>Display Login page again if password is wrong</p> 
</body> 
<?php 
exit; 
} 

$dealerUsername = mysql_result($result,0,'dealerUsername'); 
$dealerID = mysql_result($result,0,'dealerID'); 
?>

我檢查了PHP的設置和註冊全局開啓時,有什麼事我可以試試。奇怪的是隻有一個用戶可以登錄。它就像腳本沒有檢查整個表,只查看第一個SQL Row。

任何幫助將不勝感激。

來源

2013-06-05 BWD Group

+0

出於某種原因,腳本在5個小時後重新開始工作,查看代碼。如果你看到任何改進腳本的方法,以便它更安全,請告知。 –

+1

難道你的主機不推薦使用'mysql_'並轉移到'mysqli'?僅供參考:在SO上這麼說過很多次,使用'mysql_'開放注入。 –

+1

您的代碼易受SQL注入攻擊。在查詢中使用它之前,您需要清理* ALL *用戶輸入或使用準備好的語句。 – j883376

回答

0

我想那是因爲你的行索引設置爲0在mysql_result()。而不是使用mysql_result嘗試mysql_fetch_assoc。它將檢索關聯數組中的用戶信息。希望有所幫助。

來源

2014-05-20 02:58:02

相關問題

 相關問題