我忙了几个小时来解决这个问题,但它不起作用。我的逻辑必须有效,但不是,这是我最后一个问问题的地方,我现在正在做,希望有人能帮我。我尝试使用MySqli检查MySql数据库中的$_POST值,并检查计数是否正确。之后,我检查密码是否与给定的密码相同。我使用了这种方式,这样我就可以确定用户是否提供了无效的用户名或密码,并向他们显示有关它的错误。我目前所知道的是,登录脚本不会读取$_POST中的任何值。我需要一些很好的帮助。这是代码:
HTML:
<form action="inc/login.php" method="post">
<label for="gr_username">Gamertag </label>
<input type="text" id="gr_username" name="gr_username" class="panel panel-default" placeholder="GT" style="width:120px;height:25px;"/>
<br>
<label for="gr_password">Password </label>
<input type="password" id="gr_password" name="gr_password" class="panel panel-default" placeholder="Password" style="width:120px;height:25px;"/>
<br><br>
<input type="submit" id="submit" class="btn btn-primary" value=" LOGIN "/>
</form>
PHP:
<?php
error_reporting(-1);
ini_set('display_errors', 'On');
include_once('../../inc/db.php');
$link = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
$username = mysqli_real_escape_string($_POST['gr_username']);
$password0 = mysqli_real_escape_string($_POST['gr_password']);
$password = hash('whirlpool', $password0);
if(!$link)
{
header('Location: ../login.php?err=Servers not available at the moment! Please try again later. [ERRCODE: L01]');
}
$sql = "SELECT * FROM leaders WHERE username = '" . $username . "'";
$res = mysqli_query($link, $sql);
if(!$res)
{
header('Location: ../login.php?err=Servers not available at the moment! Please try again later. [ERRCODE: L03]');
}
else
{
$totalrows = mysqli_num_rows($res);
if ($totalrows > 0) {
while($row = mysqli_fetch_assoc($res))
{
if ($password == $row['password']) {
$_SESSION['gamertag'] = $row['username'];
$_SESSION['socialclub'] = $row['socialclub'];
$_SESSION['leaderid'] = $row['id'];
} else {
header('Location: ../login.php?err=Invalid Password! Try again.');
}
}
header('Location: ../index.php?grmsg=You are successfully logged into the Leader Panel!');
} else {
header('Location: ../login.php?err=Username not found! Try again.');
}
}
?>
希望你能帮我。提前感谢!
- A
由于得到了Invalid Password! Try again.
,这意味着至少找到了用户。
这证实了查询有效,但也意味着:
hash('whirlpool', $password0) != $row['password']
这就是你需要调查为什么不满足条件的地方。
首先,如果我是你,我会做:
if ($password == $row['password']) {
//works
} else {
//header('Location: .....');
echo "Invalid Password! Try again";
echo "password0 : ".$password0."<br>";
echo "password hashed : ".$password."<br>";
echo "password from db : ".$row['password']."<br>";
}
- 既然你使用了漩涡,请确保你的田地足够长
- 请确保将哈希保存到数据库中,而不是普通密码(危险)
否则,您将不得不再次对数据库值hash('whirlpool', $row['password']);
进行散列,这将破坏散列的全部目的。
希望这能帮助
试试这个。。。。
<?php
session_start();
include ('connect.php');
$login_id = mysql_real_escape_string($_POST['login_id']);
$password = mysql_real_escape_string(SHA1($_POST['password']));
//your hash function here...
include('connect.php');
$chk = mysql_query("SELECT * FROM admin where name = '$login_id' AND password = '$password';");
$count = mysql_num_rows($chk);
if($count=='1')
{
$_SESSION['name'] = $login_id;
//to loggoed on page
header("location:admin.php?id=1");
}
else {
echo "<script>
alert('Invalid Login...');
window.location.href='index.php';
</script>";
}
?>