有人知道可能出了什么问题吗?我什么都试过了,什么都找过了,但一无所获。可能只是有一个我看不见的打字错误。
功能类别
function validate_credentials($user_name, $user_password) {
$user_name = mysql_real_escape_string($user_name);
$user_password = sha1($user_password);
$result = mysql_query("SELECT `user_id` FROM `users` WHERE `user_name` = '{$user_name}' AND `user_password` = '{$user_password}'");
if (mysql_num_rows($result) !== 1) {
return false;
}
return mysql_result($result, 0);
}
类
include('./core/user.inc.php');
if (isset($_POST['user_name'], $_POST['user_password'])) {
if (($user_id = validate_credentials($_POST['user_name'], $_POST['user_password'])) != false) {
$_SESSION['user_id'] = $user_id;
header('Location: ./messages/');
die();
}
}
这是我的HTML:
<form method="post" action="./sign-in.php">
<input type="text" name="user_name" id="user_name" placeholder="Username" />
<input type="password" name="user_password" id="user_password" placeholder="Password" />
<input type="submit" placeholder="Confirm Password" value="Sign in" />
</form>
您可以尝试
$user_id = validate_credentials($_POST['user_name'], $_POST['user_password'])
if($user_id){
$_SESSION['user_id'] = $user_id; blahblah}
function validate_credentials($user_name, $user_password) {
$user_name = trim(mysql_real_escape_string($user_name));
$user_password = trim(mysql_real_escape_string(sha1($user_password)));
$result = @mysql_query("SELECT user_id FROM users WHERE user_name = '".$user_name."' AND user_password = '".$user_password."'");
if (mysql_num_rows($result) != 1) {
return false;
}
return mysql_result($result, 0);
}
include('./core/user.inc.php');
if (isset($_POST['user_name']) && isset($_POST['user_password'])) {
$user_id = validate_credentials($_POST['user_name'], $_POST['user_password']);
if ($user_id) {
$_SESSION['user_id'] = $user_id;
header('Location: ./messages/');
die();
}
}