我想讓我的登錄php工作。我找不到有什麼問題。我以前有過這樣的工作,但它突然停止了。我也使用bootstrap,但我不認爲這會導致任何問題。 php和表單之間的所有內容似乎都匹配。我爲登錄表單使用javascript和css模式,但我不認爲這會影響它。自定義php登錄表單:使用模式
PHP:
<?php
session_start();
include_once 'dbconnect.php';
if(isset($_SESSION['usr_id'])) {
echo "Successfully Logged In!";
//header("Location: index.php");
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$result = mysqli_query($con, "SELECT * FROM users WHERE email = '" . $email . "' and password = '" . md5($password) . "'");
?>
<!--<script>
alert("<?php echo 'Result is: '.$result; ?>");
</script> -->
<?php
$row = mysqli_fetch_array($result);
echo $row;
if ($row != NULL) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['name'];
// header("Location: index.php");
} else {
$errormsg = "Incorrect Email or Password!!!";
}
}
?>
這裏是我的登錄模式與形式:
<!-- The Modal -->
<div id="login" class="modal">
<!-- Modal content -->
<div class='js-fade fade-in is-paused'>
<div class="modal-content">
<span class="close" data-dismiss="modal">x</span>
<form role="form" action="index.php" method="post" name="loginform">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="name">Email</label>
<input type="text" name="email" id="email" placeholder="Your Email" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Password</label>
<input type="password" name="password" id="password" placeholder="Your Password" required class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" value="login" class="btn btn-info login" role="button" />
</div>
</fieldset>
<div class="signupbtn">
<li><a href="signup/index.php" class="noaccount btn btn-info" id="signupbtn">Don't have an account? Sign Up here.</a></li>
</div>
</form>
</div>
</div>
</div>
導航欄:
<!-- Nav Bar -->
<nav class="navbar navbar-default navbar-fixed-top navbar-left">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand brand" href="#" style="font-family: Warnes">Unleasht</a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav">
<li class="navbarli"><a href="#" class="navbarli">HOME</a></li>
<li class="navbarli"><a href="#about" class="navbarli">ABOUT</a></li>
<li class="navbarli"><a href="#music" class="navbarli" data-toggle="collapse" data-target=".navbar-collapse.in">MUSIC</a></li>
<li class="navbarli"><a href="#contact" class="navbarli" data-toggle="collapse" data-target=".navbar-collapse.in">CONTACT</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<?php
function loggedIn(){
if(isset($_SESSION['usr_id']))
{ echo '<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">'. $_SESSION['user'] .'<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">'. $_SESSION['usr_name'] .'</a></li>
<li><a href="#">Account</a></li>
<li role="separator" class="divider"></li>
<li><a action="login/logout.php">Logout</a></li>
</ul>
</li>';
}else{
unset($_SESSION['usr_id']);
echo '<li><a href="#login" class="navbarli" data-toggle="modal" data-target="#login" id="loginbtn"><span class="glyphicon glyphicon-log-in navbarli"></span> Login</a></li>';
}
}
loggedIn();
?>
</ul>
</div><!--/.nav-collapse -->
</div>
</nav>
我在做什麼錯?
是的,我知道,MD5是不使用的,因爲密碼是好事安全。現在,我只是試圖讓登錄工作,然後我會從md5切換到其他的。 –
你真的不應該使用[MD5密碼哈希](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure),你真的應該使用PHP的[內置函數](http: //jayblanchard.net/proper_password_hashing_with_PHP.html)來處理密碼安全性。確保你[不要逃避密碼](http://stackoverflow.com/q/36628418/1011527)或在哈希之前使用其他任何清理機制。這樣做*更改密碼並導致不必要的附加編碼。 –
[Little Bobby](http://bobby-tables.com/)說[你的腳本存在SQL注入攻擊的風險。](http://stackoverflow.com/questions/60174/how-can-i-prevent -sql -injection-in-php)瞭解[MySQLi]的[prepared](http://en.wikipedia.org/wiki/Prepared_statement)語句(http://php.net/manual/en/mysqli.quickstart .prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –