1. 首頁
  2. 問答
  3. 使用PHP和MySQL登錄不起作用

使用PHP和MySQL登錄不起作用

2014-06-08 40 views
1

我使用php和mysql創建登錄表單。我的過程是,如果用戶成功登錄到那裏的數據庫,然後顯示頁面上的用戶名。 這是我的數據庫:使用PHP和MySQL登錄不起作用

id | username | email |   password 
--------------------------------------------------------------------------------- 
1 | x  | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651 
2 | y  | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651 
3 | z  | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651 
4 | w  | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651

,我的代碼是:

<?php 
define('INCLUDE_CHECK',true); 
require 'db.php'; 
session_name('flLogin'); 
session_set_cookie_params(2*7*24*60*60); 
session_start(); 
if($_SESSION['id'] && !isset($_COOKIE['flRemember']) && !$_SESSION['rememberMe']) 
{ 
    $_SESSION = array(); 
    session_destroy(); 
} 
if(isset($_GET['logoff'])) 
{ 
    $_SESSION = array(); 
    session_destroy(); 
    header("Location: index.php"); 
    exit; 
} 
if($_POST['submit']=='Login') 
{ 
    $err = array(); 
    if(!$_POST['email'] || !$_POST['password']) 
     $err[] = 'All the fields must be filled in!'; 
    if(!count($err)) 
    { 
      $hasspass=md5($_POST['password']); 
     $_POST['email'] = mysql_real_escape_string($_POST['email']); 
     $_POST['password'] = mysql_real_escape_string($_POST['password']); 
     $_POST['rememberMe'] = (int)$_POST['rememberMe']; 
     $row = mysql_fetch_assoc(mysql_query("SELECT id,username,email FROM database WHERE email='{$_POST['email']}' AND password='".$hasspass."'")); 
     if($row['email']) 
     { 
      $_SESSION['email']=$row['email']; 
      $_SESSION['id'] = $row['id']; 
      $_SESSION['username'] = $row['username']; 
      $_SESSION['rememberMe'] = $_POST['rememberMe']; 
      setcookie('flRemember',$_POST['rememberMe']); 
     } 
     else $err[]='Wrong email and/or password!'; 
    } 
    if($err) 
    $_SESSION['msg']['login-err'] = implode('<br />',$err); 
    header("Location: index.php"); 
    exit; 
} 
?> 
<html> 
<head> 
</head> 
<body> 
<div id="toppanel"> 
    <div id="panel"> 
     <div class="content clearfix"> 
      <?php 
      if(!$_SESSION['id']): 
      ?> 
      <div class="left"> 
       <form class="clearfix" action="" method="post"> 
        <?php 
         if($_SESSION['msg']['login-err']) 
         { 
          echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>'; 
          unset($_SESSION['msg']['login-err']); 
         } 
        ?> 
        <input class="field" type="email" name="email" id="email" placeholder="email" value="" size="23" /> 
        <input class="field" type="password" name="password" id="password" placeholder="password" size="23" /> 
        <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> &nbsp;Remember me</label> 
        <input type="submit" name="submit" value="Login" class="bt_login" /> 
       </form> 
      </div> 

      <?php 
      else: 
      endif; 
      ?> 
     </div> 
    </div> <!-- /login --> 


      <?php echo $_SESSION['id'] ? $_SESSION['username'] : ' ';?>   
       <a href="#"><?php echo $_SESSION['id']?'<a href="?logoff">Log off</a>':'Log In | Register';?></a> 


</body> 
</html>

它沒有奏效。我沒有發現錯誤。請有人幫助我。

來源

2014-06-08 Aiswarjya

+2

你是開放的[SQL注入攻擊(HTTP://en.wikipedia .org/wiki/SQL_injection),並且您正在使用一個Deprecated API。請找到一個修復[這裏](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1)。 –

+0

@ShankarDamodaran是我還是他正在使用mysql_real_escape_string?或者您不能重新編寫$ _POST值 – Zerquix18

+0

@ Zerquix18,** Both **。您應該建議OP切換到「PDO/MySQLi」準備好的語句。 –

回答

0

試試這個:

$query = mysql_query("SELECT id,username,email FROM database WHERE email='{$_POST['email']}' AND password='".$hasspass."'"); 
if(mysql_num_rows($query) > 0) { 
    $row = mysql_fetch_assoc($query); 
    // save your $_SESSION values here... 
}else{ 
    $err[]='Wrong email and/or password!'; 
}

來源

2014-06-08 05:06:25 Zerquix18

0 
if($_POST['submit']=='Login')

改變這

if($_POST['submit'])

完蛋了

來源

2014-07-08 04:48:15

相關問題

 相關問題