-1
我試圖創建一個使用PHP的登錄頁面,我希望我的代碼檢查按下登錄按鈕後給出的用戶名和密碼。但即使未按下登錄按鈕,代碼也會執行。我在網上搜索了幾十個代碼,幾乎所有的代碼都是以這種方式實現的,所以我不明白這裏有什麼問題。這裏是我的代碼:php isset不提交按鈕
<HTML>
<HEAD>
<TITLE>Welcome to FoodOrder - Log In or Sign Up</TITLE>
</HEAD>
<BODY background = "foodOrder.png">
<?php
session_start();
$con = mysqli_connect("xxxx", "xxxx", "xxxx", "xxxx");
if(mysqli_connect_errno()){
echo "Failed to connect, please check your username and password: ".mysqli_connect_error();
}
if(isset($_SESSION['user'])!= ""){
header("Location: home.php");
}
if(isset($_POST["login_button"])){
$username = mysqli_real_escape_string($_POST['username']);
$password = mysqli_real_escape_string($_POST['password']);
$sql = "SELECT password from user where username = '$username'";
$res = mysqli_query($con,$sql);
$row = mysqli_fetch_array($res);
if($row['password'] == md5($password)){
$_SESSION['user'] = $username;
header("Location : home.php");
} else {
?> <script>alert('wrong username or password');</script> <?php
}
}
?>
<center>
<div id ="login form">
<form method = "POST">
<table align = "center" width = "25%" border = "0">
<tr>
<td><input type = "text" name = "username" placeholder = "your_username_here" required></td>
</tr>
<tr>
<td><input type = "text" name = "password" placeholder = "your_password_here"></td>
</tr>
<tr>
<td><input type = "submit" name = "login_button" value = "Log In" /></td>
</tr>
<tr>
<td><a href = "register.php">Sign Up</a></td>
</tr>
</table>
</form>
</div>
</center>
</BODY>
</HTML>
我希望那些更換此
是不是你真正的憑據..如果'登錄in'不按哪個代碼執行?你也不應該逃避那些不會去db的輸入,這樣一個帶引號的密碼就會被錯誤地散列。你也不應該使用'md5'作爲密碼。 – chris85
儘管編輯,如果這些是您的憑據重置您的帳戶。證書可能已經被破壞並且仍然存在於修訂中。 – chris85
@ chris85它正確地到達db,但它錯誤地保存在會話中。 – Rudie