我已經使用Php數據對象創建了登錄腳本。 但是它不能正常工作問題是即使密碼與數據庫記錄不匹配,它也會讓任何用戶登錄。我對這部分非常困惑,我無法弄清楚。PHP PDO登錄過程不起作用
$case = 1;
include("common/top.php");
if(isset($_SESSION['STAKEZONE']))
{
header("Location: dashboard.php");
}
if(!empty($_POST['login']))
{
if($_POST['username'] == '')
{
$msg = 'Please Enter your Username! <br>';
$case = 0;
}
if($_POST['password'] == '')
{
$msg = 'Please Enter your Password!';
$case = 0;
}
if($case == 1)
{
$username = $_POST['username'];
$password = $_POST['password'];
$sql = $dbh->prepare("SELECT * FROM users WHERE username = ?");
$sql->execute(array($username));
while($u = $sql->fetch())
{
$id = $u['id'];
$password_query = $u['password'];
$lastip = $u['lastip'];
$status = $u['status'];
}
$row = $sql->fetch(PDO::FETCH_ASSOC);
if($status == '0' && $row)
{
$msg = base64_encode('Your Account is Inactive');
header("Location: login.php?msg=$msg");
die;
}
$password_md5 = md5($password);
if($password_md5 = $password_query)
{
$sql = "UPDATE users
SET lastip = ?
WHERE id = ?";
$q = $dbh->prepare($sql);
$q->execute(array($_SERVER['REMOTE_ADDR'],$id));
$_SESSION['STAKEZONE']['user'] = $username;
$_SESSION['STAKEZONE']['id'] = $id;
header("Location: dashboard.php");
die;
}
else
{
$msg = base64_encode("Wrong Username Or Password");
header("Location: login.php?msg=$msg");
die;
}
}
else
{
header("Location: login.php?msg=$msg");
die;
}
}
感謝您的幫助,非常感謝。
你也應該'你的第一個'header'電話後exit',你將永遠也趕不上你的不活躍用戶爲'$ row'將始終評估在那個時候「虛假」;在你的循環之後沒有剩下的行。 – jeroen
啊我該怎麼辦:/? – user3356613