我想創建一個腳本,其中的電子郵件和密碼從表單發送並傳遞到查詢運行的操作頁面。無論我輸入什麼,它總是返回'您已註銷',任何人都可以看到爲什麼?任何人都可以看到這個MySQL用戶登錄代碼的任何錯誤?
<div id="signinform">
<fieldset>
<legend>Please enter your email address and password</legend>
<form action="account.php" method="POST">
<label>Email :</label>
<input type="text" name="email" /><br />
<label>Password :</label>
<input type="text" name="password" /><br/>
<input class="signbutt" type="submit" value="Log in"/><br />
</form>
</fieldset>
</div>
動作頁:
<?php
session_start();
$con = mysql_connect("localhost","******","******");
mysql_select_db("deucalio_photostore", $con);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
if(isset($_POST['email']) && isset($_POST['password']))
{
$username = $_POST['email'];
$password = $_POST['password'];
//used because if md5 is used in password itself md5 has is created for blank as well so user can get away with not entering password
if(!empty($username) && !empty($password))
{
$query = "SELECT userID FROM users WHERE email = '$username' AND password = '$password' ";
if($query_run = mysql_query($con, $query, array()))
{
$query_num_rows = mysql_num_rows($query_run);
if($query_num_rows == 0)
{
echo 'Invalid username/password combination';
}
else if($query_num_rows == 1)
{
while($row = mysql_fetch_array($query_run,mysql_fetch_assoc))
{
$user_name = $row['email'];
$userid = $row['userID'];
$_SESSION['userID'] = $userid;
$_SESSION['email'] = $user_name;
}
}
}
}
else
{
echo 'You must supply a username and password';
}
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>My account</title>
<meta name="description" content="Easy HTML5 Template">
<meta name="author" content="">
<link rel="stylesheet" type="text/css" href="styles.css" />
<script type="text/javascript" src="script.js"></script>
</head>
<body class="home">
<div id="header"> <!-- THIS IS THE TOP DIV THAT CONTAINS THE LOGIN, SITE LOGO AND BASKET CONTAINER -->
</div> <!-- END HEADER CONTAINER -->
<div id="main">
<div id="content">
<?php
if (isset($_SESSION['userID'])){
echo'<p > Hello ' . $user_name. '!</p>' ;}
else{
echo 'You have logged out';}
?>
</div> <!-- END CONTENT CONTAINER -->
</div> <!-- END MAIN CONTAINER -->
<div id="footer" >
</div> <!-- END FOOTER CONTAINER -->
</body>
</html>
</html>
我一直在這兩個小時,我認爲這可能是MySQL的語法。
謝謝。
我不熟悉這個調用'$ query_run = mysql_query($ con,$ query,array())'。你確定這些論點? http://php.net/manual/en/function.mysql-query.php描述了一些不同的參數。 – Basti 2012-02-24 22:14:43
我不確定,我從代碼轉換這我使用SQLSRV語法做這個,我似乎沒有做得很好! – deucalion0 2012-02-24 22:23:56
而你的評論在這裏:/ /使用,因爲如果md5用於密碼本身md5已創建爲空白,以便用戶可以逃脫不輸入密碼 不是將純文本密碼放入數據庫中的原因,這會讓你陷入災難。你應該做其他的檢查,以確保密碼符合你的要求(如不是空白) - 這並不意味着你不應該散列密碼 – 2012-02-24 22:24:33