2014-03-24 126 views
0

我已經使用Php數據對象創建了登錄腳本。 但是它不能正常工作問題是即使密碼與數據庫記錄不匹配,它也會讓任何用戶登錄。我對這部分非常困惑,我無法弄清楚。PHP PDO登錄過程不起作用

$case = 1; 
include("common/top.php"); 
if(isset($_SESSION['STAKEZONE'])) 
{ 
    header("Location: dashboard.php"); 
} 
if(!empty($_POST['login'])) 
{ 
    if($_POST['username'] == '') 
    { 
     $msg = 'Please Enter your Username! <br>'; 
     $case = 0; 
    } 
    if($_POST['password'] == '') 
    { 
     $msg = 'Please Enter your Password!'; 
     $case = 0; 
    } 
    if($case == 1) 
    { 
     $username = $_POST['username']; 
     $password = $_POST['password']; 
     $sql = $dbh->prepare("SELECT * FROM users WHERE username = ?"); 
     $sql->execute(array($username)); 
     while($u = $sql->fetch()) 
     { 
      $id = $u['id']; 
      $password_query = $u['password']; 
      $lastip = $u['lastip']; 
      $status = $u['status']; 
     } 
     $row = $sql->fetch(PDO::FETCH_ASSOC); 
     if($status == '0' && $row) 
     { 
      $msg = base64_encode('Your Account is Inactive'); 
      header("Location: login.php?msg=$msg"); 
      die; 
     } 
     $password_md5 = md5($password); 
     if($password_md5 = $password_query) 
     { 
      $sql = "UPDATE users 
        SET lastip = ? 
        WHERE id = ?"; 
      $q = $dbh->prepare($sql); 
      $q->execute(array($_SERVER['REMOTE_ADDR'],$id)); 

      $_SESSION['STAKEZONE']['user'] = $username; 
      $_SESSION['STAKEZONE']['id'] = $id; 
      header("Location: dashboard.php"); 
      die; 
     } 
     else 
     { 
      $msg = base64_encode("Wrong Username Or Password"); 
      header("Location: login.php?msg=$msg"); 
      die; 
     } 
    } 
    else 
    { 
     header("Location: login.php?msg=$msg"); 
     die; 
    } 
} 

感謝您的幫助,非常感謝。

+0

你也應該'你的第一個'header'電話後exit',你將永遠也趕不上你的不活躍用戶爲'$ row'將始終評估在那個時候「虛假」;在你的循環之後沒有剩下的行。 – jeroen

+0

啊我該怎麼辦:/? – user3356613

回答

1

您有一個錯字。你需要下面的行

if($password_md5 = $password_query) 

改變成以下

if($password_md5 == $password_query) 
+0

謝謝你這麼多先生,我浪費了幾小時,幾小時和幾小時.. – user3356613

+0

不客氣。你能接受這個答案嗎? – mesutozer