我有一个登录页面。注册页面工作正常,但我的登录页面有问题。当我成功登录时,它应该将我重定向到名为members.php的页面,而只是停留在同一页面上并且不在哪里。这是我的login.php页面的代码,我认为可能会出现问题:
<?php
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
if (isset($_COOKIE['ID_my_site'])) {
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
while ($info = mysql_fetch_array($check)) {
if ($pass != $info['password']) {
} else {
header("Location: members.php");
}
}
}
if (isset($_POST['submit'])) { // if form has been submitted
if (!$_POST['username'] | !$_POST['pass']) {
die('<h1 class="error"></h1><p>You missed something</p>');
}
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '" . $_POST['username'] . "'") or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('<h1 class="error"></h1><p>That user does not exist in our database</p>');
}
while ($info = mysql_fetch_array($check)) {
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password']) {
die('<h1 class="error"></h1><p>Incorrect password, please try again</p>');
} else {
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
header("Location: members.php");
}
}
} else {
?>
<h1 class="login"></h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Username</p><input type="text" class="username" name="username">
<p>Password</p><input type="password" class="password" name="pass">
<div><button type="submit" name="submit" value="Login">Log in</button></div>
</form>
<?php
}
?>
答案 0 :(得分:0)
问题可能出在这一行:
if ($pass != $info['password']) {
}
如果密码不匹配,它告诉脚本什么都不做。尝试在那里发消息,例如:
if ($pass != $info['password'])
{
die('invalid login');
}
如果这不起作用,请在整个页面中放置echo语句,以便您可以跟踪执行过程中发生的情况。即,echo 'checking login <br />', echo 'login checked..<br />'
等。
另一方面,你绝对应该加密你的密码,不要以纯文本形式存储密码,或者如果你的网站遭到黑客攻击(它发生在许多大牌上),他们将以纯文本形式提供每个人的密码。
此外,通过$username
确切地了解您的查询内容,您可以将您的网站打开sql injection,如果您不想被黑客攻击,我建议您阅读它
答案 1 :(得分:0)
首先尝试声明自己的变量,而不是重新初始化内置变量,例如$ _POST [&#39; pass&#39;] = md5($ _ POST [&#39; pass&#39;]) ; 至$ pass = md5($ _ POST [&#39; pass&#39;]);