在下面的代码中,我用数据库检查用户名和密码,然后运行if语句,允许用户查看页面,或者只向他们显示"请登录"消息。此时,即使密码相等,它也只返回错误的值。
我知道我可以在互联网上找到这方面的代码,但我想弄清楚我的逻辑(只是在我的脑海中)哪里出了问题。我也知道我还没有对数据进行净化,但这只是一个针对10年级学生的教程,他们只是用一点PHP学习HTML和CSS。稍后我将讨论保护数据的问题——一次一个概念。
谢谢你的帮助!
<?php
// connects to server
include('includes/connect2.php');
// sets post to variables don't know if this is needed
$user=$_POST[username];
$pass=$_POST[password];
?>
<?php
// query to find ifnoramtion in database
$result = mysqli_query($con, "SELECT * FROM social_register WHERE Login='$user'");
mysqli_real_escape_string($con, $user) . "'" );
$row = mysqli_fetch_assoc($result);
if ($pass == $row['Password']) { ?>
<div id="container">
<div id="banner">
The social Site
<div id="site_logo">
<img src="images/logo_thumb.gif" />
<?php
while($row = mysqli_fetch_array($result))
{
echo $row['First_Name'] . " " . $row['Last_Name'];
echo "<br>";
}
mysqli_close($con);
?>
</div>
</div>
<div id="person">
<h1>Welcome to your test web site</h1>
</div>
</div>
<?php
}
else
{
?>
<div id="container">
<div id="banner">
The social Site
<div id="site_logo">
<img src="images/logo_thumb.gif" />
</div>
</div>
<div id="person">
<h1>You have not loged into the site, please login.</h1>
</div>
<?php
}
?>
您应该在匹配password 之前使用mysqli_fetch_assoc获取数据
$user = mysqli_real_escape_string($con, $user);
$result = mysqli_query($con, "SELECT * FROM social_register WHERE Login = '".$user."'");
$row = mysqli_fetch_assoc($result);
if ($pass == $row['Password']) { ?>
好吧,我给你放了一个Login.php和一个Check.php,我希望你喜欢它…:p
试试看:
//Login.php
session_start(); //create the session
if(isset($_POST['login']))
{
$con = mysqli_connect("myhost","myuser","mypassw","mybd") or die("Error " . mysqli_error($con));
$user = mysqli_fetch_assoc(mysqli_query($con, "SELECT * FROM social_register WHERE Login='" . mysqli_real_escape_string($con, $user) . "'" ));
$pass = $user['Password']; //put the pass variable
if ( $pass == $user['Password'] ) {
$_SESSION['ready'] = true;
header('Location: you_page.php'); //redirect to your page when you have the correct pass
exit;
} else
{
?>
<script type="text/javascript">
<!--
alert('Incorrect Password')
//-->
</script>
<?php
}
}
//continue with the next block
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title> Login </title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<center>
<h3 style="color:#fff;">Password:<h3>
<form method="post" action="">
<input type="password" style="text-align:center;" name="pass"><br>
<input type="submit" name="login" value="Iniciar sesión">
</form>
</center>
</body>
</html>
//Check.php
<?php
session_start();
if (!isset($_SESSION['ready'])
|| $_SESSION['ready'] !== true) {
header('Location: login.php'); //Redirect to the login if you haven't the session set
exit;
}
?>
在your_page.php中,您必须输入:
require 'check.php';
注销.php
<?php
session_start();
if (isset($_SESSION['ready'])) {
unset($_SESSION['ready']);
}
header('Location: index.php');
exit;
?>