我的PHP其他版本無法正常顯示

Question

當登錄密碼或用戶名不正確時，它會在應答時回顯錯誤，任何人都會明白這是爲什麼？ 我已經檢查了代碼多次，仍然無法找到爲什麼errror發生所以這將是巨大的，如果有人能解決我的代碼

<?php 
define('DB_HOST', 'localhost'); 
define('DB_NAME', 'radio'); 
define('DB_USER','anuar'); 
define('DB_PASSWORD','admin'); 

$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error()); 
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error()); 
/* 
$ID = $_POST['user']; 
$Password = $_POST['pass']; 
*/ 
function SignIn() 
{ 
session_start(); //starting the session for user profile page 
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text 
{ 
    $query = mysql_query("SELECT * FROM members where Username = '$_POST[user]' AND Password = '$_POST[pass]'") or die(mysql_error()); 
    $row = mysql_fetch_array($query) or die(mysql_error()); 
    if(!empty($row['Username']) AND !empty($row['Password'])) 
    { 
     $_SESSION['Username'] = $row['Password']; 
     echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE..."; 

    } 
    else 
    { 
     echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY..."; 
    } 
} 
} 
if(isset($_POST['submit'])) 
{ 
    SignIn(); 
} 

?> 

Answer 1

改變這一行

if(!empty($row['Username']) AND !empty($row['Password'])) 
    { 
     $_SESSION['Username'] = $row['Password']; 
     echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE..."; 

    } 

對此

if(mysql_num_rows($query)>0) 
{ 
    $_SESSION['Username'] = $row['Password']; 
     echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE..."; 
} 

Answer 2

試試這個可能會給你點子

$username=mysql_real_escape_string($_POST['username']); 
    $password=mysql_real_escape_string($_POST['password']); 

    $sql=mysql_query("SELECT * FROM admin WHERE username='$username' AND password='$password'");; 
    $count=mysql_num_rows($sql); 

    if($count==1) 
    { 
     $_SESSION['admin']=$username; 
     redirect(); 
    } 
    else 
    { 
     echo "<script>alert('Username or password is incorrect...');</script>"; 
    } 

祝你好運！

Answer 3

$row = mysql_fetch_array($query).... 

你可以改變這個代碼，如：

$row = mysql_num_rows($query); 
if($row >=1){ 
$data = mysql_fetch_array($query); 
$_SESSION['Username'] = $data['Username']; 
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE..."; 
}else{ 
echo "Invalid Username or Password"; 
} 

Answer 4

我已經採取了重寫你的代碼，以解決一些潛在的問題，以及一些展示更好的實踐，包括自由：

• 使用PDO_mysql而不是 「只有維護」 mysql API;
• 使用password_hash擴展與exceptions

這可能是因爲你的主機提供商不提供所有這些功能驗證用戶的密碼

處理錯誤，但我認爲這將是一個很好的機會爲他們提供一個簡短的調查，所以你可以瞭解你應該在哪裏尋找。

<?php 
    session_start(); //starting the session as soon as the script begins 
    try { 
     $db = new PDO('mysql:host=localhost;dbname=radio;charset=utf8', 'anuar', 'admin'); 
     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
     $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); 
    } catch(PDOException $ex) { 
     echo $ex->getMessage(); 
    } 

    /* 
    $ID = $_POST['user']; 
    $Password = $_POST['pass']; 
    */ 
    function SignIn() 
    { 
     if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text 
     { 
      try { 
       $stmt = $db->prepare("SELECT * FROM members where Username = :user"); 
       $stmt->execute(array(':user' => $_POST['user'])); 
       $results = $stmt->fetchAll(PDO::FETCH_ASSOC); 

       if (((count($results) != 1) || !password_verify($_POST['pass'], $results[0]['Password'])) { 
        // Either password verification failed, or we did not get back exactly one row with the given username; 
        // do something sensible about that, please. 

        return false; 
       } 

       $_SESSION['Username'] = $results[0]['Username']; 

      } catch (PDOException $ex) { 
       // Our database code failed somewhere - you should log this somewhere and check on them regularly, 
       // if you're getting a lot of them give some thought as to why. 
       echo $ex->getMessage(); 
      } 
     } 
    } 

    if(isset($_POST['submit'])) 
    { 
     SignIn(); 
    }