1. 首頁
  2. 問答
  3. 登錄系統,讀取身份和密碼,然後登錄

登錄系統,讀取身份和密碼,然後登錄

2017-02-13 98 views
0

現在我想做一個登錄系統。如果用戶存在,我想檢查表管理員,如果是這種情況,讓他登錄。我沒有編碼系統登錄,但它不起作用。任何建議或解決方案是受歡迎的登錄系統,讀取身份和密碼,然後登錄

問候A.V

<?php 
    ob_start(); 
    session_start(); 
?> 

<html lang="en"> 

<head> 
    <title>Foredeck Login.com</title> 
    <link href="css/bootstrap.min.css" rel="stylesheet"> 

    <style> 
     body { 
      padding-top: 40px; 
      padding-bottom: 40px; 
      background-color: #6495ED; 
     } 

     .form-signin { 
      max-width: 330px; 
      padding: 15px; 
      margin: 0 auto; 
      color: #000000; 
     } 

     .form-signin .form-signin-heading, 
     .form-signin .checkbox { 
      margin-bottom: 10px; 
     } 

     .form-signin .checkbox { 
      font-weight: normal; 
     } 

     .form-signin .form-control { 
      position: relative; 
      height: auto; 
      -webkit-box-sizing: border-box; 
      -moz-box-sizing: border-box; 
      box-sizing: border-box; 
      padding: 10px; 
      font-size: 16px; 
     } 

     .form-signin .form-control:focus { 
      z-index: 2; 
     } 

     .form-signin input[type="text"] { 
      margin-bottom: 0 px; 
      border-bottom-right-radius: 0; 
      border-bottom-left-radius: 0; 
      border-color: #000000; 
     } 

     .form-signin input[type="password"] { 
      margin-bottom: 10px; 
      border-top-left-radius: 0; 
      border-top-right-radius: 0; 
      border-color: #000000; 
     } 

     h3 { 
      text-align:; 
      color: #000000; 
     } 

     h1 { 
      text-align:; 
      color: #000000; 
     } 
    </style> 

</head> 

<body> 
    <div class="container form-signin"> 

     <?php 
      include("bdconnect_Foredeck.php"); 
      $link=Mysqli_connect($host,$login,$pass,$dbname); 
      $msg = ''; 

      if (isset($_POST['login']) && !empty($_POST['username']) && !empty($_POST['password'])) { 

       $Identifiant = $_POST['username']; 
       $MotPasse = $_POST['password']; 

       $recherche= "SELECT * FROM admin WHERE Identifiant ='$Identifiant' And Mdp_Admin='$MotPasse'"; 
       mysqli_query($link,$recherche); 
       $result= mysqli_query($link,$recherche); 

       while($row = mysqli_fetch_assoc($result)){ 

        $Identifiant = $row["Identifiant_Admin"]; 
        $MotPasse = $row["Mdp_Admin"]; 
       } 
       if ($_POST['username'] == $Identifiant['username'] && $_POST['password'] == $MotPasse['password']) { 
       $_SESSION['valid'] = true; 
       $_SESSION['timeout'] = time(); 
       $_SESSION['username'] = 'foredeckadmin'; 
       $msg ='Connexion Réussite'; 
       echo " 
       <script type='text/javascript'> 
        alert('Connexion Réussite'); 
        window.location = 'foredeck.php'; 
       </script>"; 

       header("refresh:3 location: foredeck.php"); 
      } 
      else if ($_POST['username'] == 'Isabelle' && $_POST['password'] == 'Isabelle1'){ 
       $_SESSION['valid'] = true; 
       $_SESSION['timeout'] = time(); 
       $_SESSION['username'] = 'foredeckadmin'; 
       $msg ='Connexion Réussite'; 
       echo " 
       <script type='text/javascript'> 
        alert('Connexion Réussite'); 
        window.location = 'foredeck_superadmin.php'; 
       </script>"; 

       header("refresh:3 location: foredeck_superadmin.php"); 
      } 


      else { 
       $msg='Identifiant ou Mot de Passe incorrecte'; 
        $msg = " 
        <script type='text/javascript'>alert('$msg')</script>"; 
       } 
      } 
     ?> 
    </div> <!-- /container --> 

    <div class="container"> 

     <form class="form-signin" role="form" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post"> 
      <h4 class="form-signin-heading"><?php echo $msg; ?></h4> 
      <h1>[email protected]</h1> 
      <h3>Entrer l'identifant et le mot de passe:</h3> 
      <input type="text" class="form-control" name="username" placeholder="Identifiant " required autofocus><br/> 
      <input type="password" class="form-control" name="password" placeholder="Mot de passe" required> 
      <br> 

      <button class="btn btn-lg btn-primary btn-block" type="submit" name="login"> 
       Se connecter 
      </button> 
     </form> 
    </div> 
</body> 
</html>

來源

2017-02-13 A.V

+1

而不是'Mdp_Admin ='MotPasse''對不對? – affaz

+0

以及我想我需要存儲變量來比較它們登錄的權利? [一個幫助截圖](https://cdn.discordapp.com/attachments/240225788715204609/280663850485940224/unknown.png) –

+0

這可能是非常有用的:http://stackoverflow.com/questions/34358552/login-system- with-mysqli –

回答

0

使用mysqli_num_rows得到計數知道用戶名和密碼是否在`select`查詢你的意思是它是`Mdp_Admin ='$ MotPasse'`存在

<?php 
      include("bdconnect_Foredeck.php"); 
      //establishing connection 
      $link=mysqli_connect($host,$login,$pass,$dbname); 
      //display error in connection if any 
      if (mysqli_connect_errno()) 
      { 

       echo 「MySQLi Connection was not established: 」 . mysqli_connect_error(); 

      }  
      $msg = ''; 

      if (isset($_POST['login']) && !empty($_POST['username']) && !empty($_POST['password'])) 
      { 

      $Identifiant = $_POST["username"];  
      $MotPasse = $_POST["password"];   

      $recherche= "SELECT * FROM admin WHERE Identifiant ='$Identifiant' And Mdp_Admin='$MotPasse'";   

      $result= mysqli_query($link,$recherche); 

      $check_user = mysqli_num_rows($result); 
      //checks if the username and password exists 
      if($check_user>0){ 


       $_SESSION['valid'] = true; 
       $_SESSION['timeout'] = time(); 

       $msg ='Connexion Réussite'; 
       //redirect to admin 
       if($_POST['username'] == 'Isabelle' && $_POST['password'] == 'Isabelle1'){ 
        $_SESSION['username'] = $Identifiant; 
        echo "<script type='text/javascript'>alert('Connexion Réussite'); 
        window.location='foredeck_superadmin.php'; </script>"; 

        header("refresh:3 location: foredeck_superadmin.php"); 
       } 
       else 
       { 
        //redirect to homepage 
        $_SESSION['username'] = 'foredeckadmin'; 
        echo "<script type='text/javascript'>alert('Connexion Réussite'); 
        window.location='foredeck.php'; </script>"; 

        header("refresh:3 location: foredeck.php"); 



       } 
      } 
      else { 
       //error message 
       $msg='Identifiant ou Mot de Passe incorrecte'; 
       $msg = "<script type='text/javascript'>alert('$msg')</script>"; 
      } 
     } 
    ?>

來源

2017-02-13 12:26:15 affaz

+0

警告:mysqli_fetch_array()期望參數1是mysqli_result,布爾在C:\ wam中給出第101行上的p \ www \ Foredeck \ login.php:$ row = mysqli_fetch_array($ result); @affaz –

+0

@AV檢查我的答案..我有編輯..你只需要得到計數..PSthats不是你的錯誤的原因..但這會更簡單,你開始 – affaz

+0

沒關係,我確實解決了這個錯誤已經無論如何@afaz你的代碼也不錯。 –

0

這是一個系統,它可以幫助你。無論如何,這不是最安全的系統使用。 基本上,您必須創建一個數據庫,其中將包含您需要登錄到您的網站/應用程序的任何信息。

請注意,我使用$ _POST ['email']作爲用戶名,$ _POST ['password']作爲密碼。

<?php 
session_start(); 
$host = ''; //HOST OF YOUR DATABASE; 
$user = ''; //USERNAME TO ACCESS YOUR DATABASE; 
$pass = ''; //PASSWORD TO ACCESS YOUR USERNAME; 
$database = ''; //DATABASE TO CONNECT; 
$conn = new mysqli($host,$user,$pass,$database); 
if(isset($_POST["login"])) { 
$email=$_POST["email"]; 
$sql = "SELECT * FROM users WHERE email='$email'"; 
$result = $conn->query($sql); 
if ($result->num_rows > 0) 
{ 
while($row = $result->fetch_assoc()) { 
    if($row["password"]==md5($_POST["password"])) { 
     $_SESSION['your_site_username'] = $row['email']; 
     header("Location: YOUR PROFILE PAGE"); 
    } 
    else { 
     $error = "Your password is incorrect."; 
     echo $error; 
    } 
} 
} 
else { 
$error = "There is no user with this email."; 
echo $error; 
} 
?>

安全

當你插入一個新的用戶到用戶的數據庫,你需要用散列的MD5方法的密碼。 我建議您激活php.ini文件中的magic_quotes_gpc選項,以確保您不會成爲SQL注入的受害者。類型轉換也可以避免SQL注入,這是文檔:http://php.net/manual/en/language.types.type-juggling.php。 這可以幫助你:How can I prevent SQL injection in PHP?

來源

2017-02-13 11:46:49 DamiToma

+0

爲什麼不是使用'password_hash()'和'password_verify()'來進行密碼散列,而不是舊的容易破解md5 –

+0

@MasivuyeCokile它可以是一個解決方案,但正如我在開始時所說的,這是一個用於新PHP用戶的簡單腳本 – DamiToma

+0

我根據你的答案編輯了我的帖子,請把握戰利品。是的,我的新的php。 –

相關問題

 相關問題