2012-08-12 145 views
-1

我的登錄代碼有幾個問題。我知道我沒有加密密碼,但這僅僅是爲了現在的學習基礎。PHP登錄腳本會話問題

  1. 所以我知道我是從我的形式獲取值,因爲當我提供一個正確的登錄它引導我,因爲我的會議是成員的index.php然後立即重定向我訪問denied.php不正確?

  2. 當我提供了一個無效的登錄它不重定向我登錄,failed.php它只是坐在作爲的login.php有一個空白頁,這就是IM從表單輸入指揮它。

這是我參考的數據庫表:

表:登錄

+---------+----------+-------- 
    | login_ID | Login_PW| auth | 
    +-------=--+---------+-------- 
    | User_test| 123 | null | 
    +----------+---------+-------- 


<?php 
    function clean($str) 
    { 
     $str = @trim($str); 
     if(get_magic_quotes_gpc()) { 
      $str = stripslashes($str); 
     } 
     return $str; 
    } 

    //Sanitize the POST values 

    if (isset($_POST['username']))  
    {  
       $username = clean($_POST['username']);  
    }  


    if (isset($_POST['password']))  
    {  
    $password = clean($_POST['password']); 

    }  

    /* Create a new mysqli object with database connection parameters */ 
    $mysqli = mysqli_connect('localhost', 'root', '', 'draftdb'); 

    if(mysqli_connect_errno()) 
    { 
     echo "Connection Failed: " . mysqli_connect_errno(); 
     exit(); 
    } 

    /* Is your username the same as the login_id? If not you need to change this query's where to use the username column not the login_id. */ 

    /* Create a prepared statement */ 
    if($stmt = $mysqli -> prepare(" 
     SELECT Login_ID, Login_PW 
     FROM login 
     WHERE Login_ID=? AND Login_PW=? 
    ")) 
    { 
     /* Bind parameters 
      s - string, b - boolean, i - int, etc */ 
     $stmt -> bind_param("ss", $username, $password); 

     /* Execute it */ 
     $result = $stmt -> execute(); 

     /* Bind results to variables that will be used within the fetch() loop. */ 
     $stmt -> bind_result($username, $password); 

     //Check whether the query was successful or not 
     if ($result === false) 
     { 
      die("Query failed"); 
     } 
      /* Iterate over the results of the query. */ 
     while ($stmt->fetch()) 
     { //while loop open 
      if($_POST['username'] == $username && $_POST['password'] == $password) 
       { 
      //$member = mysqli_fetch_assoc($result); 


       session_regenerate_id(); 
      /* We can create a _SESSION cause we binded the result to those variables above. */ 
       //$_SESSION['SESS_MEMBER_ID'] = $username; 
       $_SESSION['username'] = $_POST['username']; 


      session_write_close(); 
      header("location: member-index.php"); 
      exit(); 

       } 

       elseif($result -> num_rows == 0) 
        { 
        header("location: login-failed.php"); 
        exit(); 
        } 

     }//while loop close 

      /* Close statement */ 
      $stmt -> close(); 
    }//main if close 

     /* Close connection */ 
     $mysqli -> close(); 

會員-的index.php

<?php 
    //Start session 
    session_start(); 

    //Check whether the session variable SESS_MEMBER_ID is present or not 
    if(!$_SESSION['username']) { 
     header("location: access-denied.php"); 
     exit(); 
    } 
?> 
+0

我們需要更多的代碼來理解。你能把你的整個應用程序放在這裏嗎 – 2012-08-12 03:51:59

回答

0
/* Execute it */ 
$result = $stmt -> execute(); 
$stmt -> store_result(); 

. 
. 
. 

elseif($stmt -> num_rows == 0) // note $stmt instead of $result 

應該這樣做

+0

謝謝我改變了它,但仍然沒有將我重定向到錯誤的用戶名/密碼組合的無效登錄 – Undermine2k 2012-08-12 04:32:04

+0

$ stmt-> num_rows的輸出是什麼? – 2012-08-12 04:33:37

+0

我把函數從fetch循環中移出來,並將它作爲if語句,現在它可以工作,爲什麼?我怎麼能找到$ stmt-> num_rows的輸出?使用var_dump? – Undermine2k 2012-08-12 04:39:17