嗨,我制作了一个登录脚本,但它不会让我登录,而且一直告诉我匹配不正确。这是我的代码:
include_once("dbConnect.php");
// Set the posted data from the form into local variables
$usname = strip_tags($_POST['username']);
$paswd = strip_tags($_POST['password']);
$usname = mysqli_real_escape_string($dbCon, $usname);
$paswd = mysqli_real_escape_string($dbCon, $paswd);
$sql = "SELECT * FROM user WHERE username = '$usname' AND usertype = '1' LIMIT 1";
$query = mysqli_query($dbCon, $sql);
$row = mysqli_fetch_row($query);
$uid = $row[0];
$dbUsname = $row['username'];
$dbPassword = $row['password'];
// Check if the username and the password they entered was correct
if ($usname == $dbUsname && $paswd == $dbPassword) {
// Set session
$_SESSION['username'] = $usname;
$_SESSION['id'] = $uid;
// Now direct to users feed
header("Location: user.php");
} else {
echo "<h2>Oops that username or password combination was incorrect.
<br /> Please try again.</h2>";
}
用户名为admin,密码为PPsleep1,用户类型为1,您可以自己尝试:http://daltyapps.com/daltyapps/portfolio/paypal/log/index.php
根据目前的情况,我可以建议您在代码中进行以下修复:
<?php
include_once("dbConnect.php");
// Set the posted data from the form into local variables
$usname = strip_tags($_POST['username']);
$paswd = strip_tags($_POST['password']);
$usname = mysqli_real_escape_string($dbCon, $usname);
$paswd = mysqli_real_escape_string($dbCon, $paswd);
// use both username and password to retrieve records from table
$sql = "SELECT * FROM user WHERE username = '$usname' AND password = '$paswd' AND usertype = '1'";
$query = mysqli_query($dbCon, $sql);
if($query) // check if query runs properly or is having any error
{
if(mysqli_num_rows($query) == 1) // check if ony one user with 'USERNAME - PASSWORD' pair exists in database
{
$row = mysqli_fetch_row($query);
$uid = $row[0];
$dbUsname = $row[INDEX_OF_USERNAME_FIELD];
// Set session
$_SESSION['username'] = $usname;
$_SESSION['id'] = $uid;
// Now direct to users feed
header("Location: user.php");
}
else
{
echo "<h2>Oops that username or password combination was incorrect.
<br /> Please try again.</h2>";
}
}
else
{
echo "Error in query ".mysqli_error($dbCon);
}
?>
使用以下代码,
include_once("dbConnect.php");
// Set the posted data from the form into local variables
$usname = strip_tags($_POST['username']);
$paswd = strip_tags($_POST['password']);
$usname = mysqli_real_escape_string($dbCon, $usname);
$paswd = mysqli_real_escape_string($dbCon, $paswd);
$sql = "SELECT * FROM user WHERE username = '$usname' AND usertype = '1' LIMIT 1";
$query = mysqli_query($dbCon, $sql);
$row = mysqli_fetch_array($query); /*comment - have replace row with array*/
$uid = $row[0];
$dbUsname = $row['username'];
$dbPassword = $row['password'];
// Check if the username and the password they entered was correct
if ($usname == $dbUsname && $paswd == $dbPassword) {
// Set session
$_SESSION['username'] = $usname;
$_SESSION['id'] = $uid;
// Now direct to users feed
header("Location: user.php");
} else {
echo "<h2>Oops that username or password combination was incorrect.
<br /> Please try again.</h2>";
}
要使用的第二个选项
include_once("dbConnect.php");
// Set the posted data from the form into local variables
$usname = strip_tags($_POST['username']);
$paswd = strip_tags($_POST['password']);
$usname = mysqli_real_escape_string($dbCon, $usname);
$paswd = mysqli_real_escape_string($dbCon, $paswd);
$sql = "SELECT * FROM user WHERE username = '$usname' AND usertype = '1' LIMIT 1";
$query = mysqli_query($dbCon, $sql);
$row = mysqli_fetch_row($query);
$uid = $row[0];
$dbUsname = $row[1]; /*comment - if column username after column id in table */
$dbPassword = $row[2]; /*comment - if column password after column username in table*/
// Check if the username and the password they entered was correct
if ($usname == $dbUsname && $paswd == $dbPassword) {
// Set session
$_SESSION['username'] = $usname;
$_SESSION['id'] = $uid;
// Now direct to users feed
header("Location: user.php");
} else {
echo "<h2>Oops that username or password combination was incorrect.
<br /> Please try again.</h2>";
}