1. 首頁
  2. 問答
  3. 登錄形式,甚至在錯誤的用戶名/密碼

登錄形式,甚至在錯誤的用戶名/密碼

2012-12-25 131 views
1

給成功,我有一個登錄表單,如:登錄形式,甚至在錯誤的用戶名/密碼

<?php include "base.php"; ?> 

<div id="loginpart"> 
<?php 
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) 
{ 
?> 
You are logged in as <b><?=$_SESSION['Username'];?> </b>. | <a  href="logout.php">LogOut</a> 
<?php 
} 
elseif(!empty($_POST['username']) && !empty($_POST['password'])) 
{ 
$username = mysql_real_escape_string($_POST['username']); 
$password = md5(mysql_real_escape_string($_POST['password'])); 
$checklogin = mysql_query("SELECT * FROM user WHERE username = '".$username."' AND user_password = '".$password."'"); 
if($checklogin) 
{ 
    $row = mysql_fetch_row($checklogin); 
    $_SESSION['Username'] = $username; 
    $_SESSION['LoggedIn'] = 1; 
    echo "<p>Success: We are now redirecting you to the member area.</p>"; 
    echo "<meta http-equiv='refresh' content='2;index.php' />"; 
    //header('Location:index.php'); 
} 
else 
{ 
    echo "<p>Error: Sorry, your account could not be found. Please <a  href=\"index.php\">click here to try again</a>.</p>"; 
} 
} 
else 
{ 
?>  
<form method="post" action="index.php" name="loginform" id="loginform"> 
    Username:<input type="text" name="username" id="username" /> 
    Password:<input type="password" name="password" id="password" /> 
    <input type="submit" name="login" id="login" value="Login" /> 
| <a href="register.php">Register</a> 
</form> 
<?php 
} 
?> 
</div>

它先檢查,如果用戶登錄或沒有。如果沒有,那麼它登錄在 包括base.php調用數據庫:

<?php 
session_start(); 
$dbhost = "localhost"; // this will ususally be 'localhost', but can sometimes differ 
$dbname = "login"; // the name of the database that you are going to use for this project 
$dbuser = "root"; // the username that you created, or were given, to access your  database 
$dbpass = ""; // the password that you created, or were given, to access your database 
mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error()); 
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error()); 
?>

的錯誤是在它檢查用戶名和密碼,第2架。

數據庫表:

create table user(
user_ID smallint unsigned auto_increment, 
username varchar(30), 
user_password varchar(16), 
user_fname VARCHAR(30) NOT NULL, 
user_lname VARCHAR(30) NOT NULL, 
user_contact varchar(14), 
user_email varchar(30), 
user_street varchar(20), 
user_city varchar(20), 
constraint pk_user primary key (user_ID) 
) engine innodb;

的問題是,即使我輸入錯誤的用戶名或密碼。它使我登錄。有人請幫助我錯誤的地方。

來源

2012-12-25 Javeria Habib

+0

你確定你的UR爲'「」數據庫有一個密碼' – gkris

回答

3

您不檢查是否正在返回一行。

if($checklogin)將始終評估爲真,即使結果集爲空(因爲密碼錯誤或未找到用戶)。

您需要更換這個,如果有一個條款,將檢查非空的結果集,例如:

if(mysql_num_rows($checklogin) > 0)

作爲一個方面說明:您可能還需要挑選更多表現的變量名,如$checklogin_result$checklogin_row,這樣,如果你的項目有一天真的很大,你就不會失去視線;)

來源

2012-12-25 23:09:01

+0

然後提示錯誤登錄即使是在正確的數據 –

+1

MD5哈希消耗32個十六進制數字,請嘗試相應地轉換您的user_password列。目前,您只存儲它的前16位數字,並將其與新近計算的哈希值進行比較,其正確長度爲32位,這當然總是會失敗。 –

3

它返回成功可能是因爲沒有語法錯誤,並且您的查詢成功執行。但這並不意味着行被返回。空行需要進行檢查

if(mysql_num_rows($checklogin) > 0) 
{ 
    $row = mysql_fetch_row($checklogin); 
    $_SESSION['Username'] = $username; 
    $_SESSION['LoggedIn'] = 1; 
    echo "<p>Success: We are now redirecting you to the member area.</p>"; 
    echo "<meta http-equiv='refresh' content='2;index.php' />"; 
    //header('Location:index.php'); 
} 
else 
{ 
    echo "<p>Error: Sorry, your account could not be found. Please <a  href=\"index.php\">click here to try again</a>.</p>"; 
}

來源

2012-12-25 23:09:38 codingbiz

相關問題

 相關問題