1. 首頁
  2. 問答
  3. Php/Mysql登錄身份驗證

Php/Mysql登錄身份驗證

2015-12-30 129 views
-3

我無法使用Php/mysql進行身份驗證,使用以下方法。我使用了一個表單來登錄。請檢查以下內容並幫助我?Php/Mysql登錄身份驗證

form.php的

<html> 
    <body> 
     <h2>Authentication</h2> 
     <form action="login.php" method="post"> 
      <label>Userid :</label> 
      <input type="text" id="userid" name="userid" > 
      <label>Password :</label> 
      <input type="password" id="password" name="password"> 
      <input name="submit" type="submit" value=" Login "> 
      <span><?php echo $error; ?></span> 
     </form> 
    </body> 
</html>

的login.php

<?php 
    $message=""; 
    if(count($_POST)>0) { 
     mysql_connect("localhost", "root", "kami123")or 
     die(mysql_error());  
     mysql_select_db("ccmsdb") or die(mysql_error()); 

     $result = mysql_query("SELECT *FROM client WHERE 
     userid='" . $_POST["userid"] . "' AND 
     password = '". $_POST["password"]."'"); 

     $count = mysql_num_rows($result); 
     if($count==0) { 
      $message = "Invalid Username or Password!"; 
     } else { 
      $message = "You are successfully authenticated!"; 
     } 
    } 
?>

來源

2015-12-30 kamran javaid

+0

你是什麼意思「無法驗證」?你沒有看到成功的消息?你沒有會議?順便說一下,mysql已被棄用,您應該考慮切換到mysqli或pdo。並提防SQL注入! http://stackoverflow.com/questions/13944956/the-mysql-extension-is-deprecated-and-will-be-removed-in-the-future-use-mysqli – jiboulex

+0

你不應該發佈你的數據庫的根密碼。您不應以純文本格式存儲密碼。你一定要閱讀關於SQL注入。 – dev0

+0

它不是運營項目,我正在研究它將在以後應用反sqli。但代碼不起作用什麼是問題 –

回答

1

況且什麼在評論本已提到的,你缺少的查詢空間:

SELECT *FROM client WHERE 


SELECT * FROM client WHERE

來源

2015-12-30 08:57:10 dev0

+0

仍然不能正常工作 –

+1

你是什麼意思不工作? – jiboulex

+0

我的意思是我糾正了選擇查詢,但仍然不起作用 –

0

你爲什麼不嘗試PDO? MySQL函數已被棄用。

$err=""; 
(isset($_POST['email'], $_POST['pass'])) { 
$email  = $_POST['email']; 
$pass  = $_POST['pass']; 

    if(!empty($email) && !empty($pass)) { 
     if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) { 
       $err = 'Invalid email format.'; 
        } 
      $dbc = new PDO('mysql:host=YOUR HOST;dbname=YOUR DBNAME', 'YOUR USERNAME', 'YOUR PASSWORD'); 
       $stmt = $dbc->prepare("SELECT id, name, pass FROM client WHERE email =:email LIMIT 1"); 
       $stmt -> bindValue(':email', $email); 
       $stmt -> execute(); 
        while($row = $stmt->fetch(PDO::FETCH_ASSOC)){ 
         if(password_verify($pass, $row['pass'])) { 
          //Logged In 
          $_SESSION['id'] = $row['id']; 
          $_SESSION['name'] = $row['name']; 
          header('Location:logged_in_user_page.php'); 
           ... bla bla ...     
         }else { 
          // Not Logged In 
          header('Location:not_logged_in_user_page.php');       
         } 
        }   
    }else { 
     $err = 'You have to provide an email and a password!'; 
    } 
}

來源

2015-12-30 09:23:46

相關問題

 相關問題