Question

我一直想弄清楚我做错了什么。当它检查用户是否在第26行被激活时，即使用户被激活，它也会将用户发送到第38行，该第38行告诉他们他们的用户名或密码不正确但是它们是正确的。您可以在代码的左侧找到两行。

   <?php
      require("includes/inc.php");
      if ($_SESSION['username'] != null){
        # Redirect the user to the member area
        header('Location: member.php');
      } else {
        # Check if the user is trying to login
        if ($_GET['do'] == "login"){
          # If they are, process the details they have provided. Else, continue with showing the form
          $username = trim(sanitize($_POST['username']));
          $password = trim(sanitize($_POST['password']));
          # Check if the username and password are empty
          if (($username == null) || ($password == null)){
            header('Location: login.php?error=field_blank');
          } else {
            $query_accounts = mysql_query("SELECT * FROM users WHERE `username` = '$username' LIMIT 1");
            $query_count = mysql_num_rows($query_accounts);
            if ($query_count == null){
              // User not found
              header('Location: login.php?error=details_wrong');
            } else {
//Line 26          $active = mysql_fetch_array($query_accounts);
                if ($active['active'] == 0) {
                    header('Location: login.php?error=activate');
                } else {
                   $accounts = mysql_fetch_array($query_accounts);
                    // Check if the password matches the user's password
                     if ($accounts[password] == password($password)){
                    // The password is correct, start a session for the user
                        $_SESSION['username'] = $username;
                        header('Location: member.php');
                    } else {
                    // Incorrect password
//Line 38                   header('Location: login.php?error=details_wrong');
                }
              }
            }
          }
        } else {
    ?>
    <!doctype html>
    <html>
    <head>
    <title>PHP Login & Registration</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="stylesheet" type="text/css" href="css/style.css" />
    <div id="main">  
    <h1>Login</h1>
    </head>
    <body>
        Need a account? <a href="register.php">Register</a>
        <!-- Display Messages -->
        <?php
          # -> Messages
          if ($_GET['error'] == "field_blank"){ echo "<div class='error'>The username and/or password field was left blank</div>\n"; }
          elseif ($_GET['error'] == "details_wrong"){ echo "<div class='error'>The username and/or password was incorrect</div>\n"; }
          elseif ($_GET['error'] == "activate"){ echo "<div class='error'>Please activate your account.</div>\n"; }
          elseif ($_GET['success'] == "logout"){ echo "<div class='success'>You are now logged out</div>\n"; }
          elseif ($_GET['success'] == "complete"){ echo "<div class='success'>You are now registered, please activate your account by visiting your email.\n"; }
        ?>

          <!-- Login Form -->
          <form action="?do=login" method="post" autocomplete="on">
            <fieldset>
            <p>Username</p>
            <input type="text" name="username" size="40" maxlength="20" /> <br />
            <p>Password</p>
            <input type="password" name="password" size="40" maxlength="30" /> <br />
            <input type="submit" value="Login" style="width:80px;" />
            </fieldset>
        <?php include "footer.php"; ?>
          </form>
    </div>
    </body>
    </html>
    <?php
        } // End Check Login
      } // End check if logged in
    ?>

Answer 1

对我来说唯一突出的是下面一行

                 if ($accounts[password] == password($password)){

该密钥将被转换为PHP常量，我最好的猜测是查看您的代码，尚未定义。将密钥包装在引号中，如下所示。

                 if ($accounts["password"] == password($password)){

我希望这有助于解决您的问题：）

Answer 2

有一些问题：

a）你得到两次行（第26行$ active = mysql_fetch_array（$ query_accounts）;并且在$ accounts = mysql_fetch_array（$ query_accounts）之下; - 这可能会给你两个不同的行，当真的可能只有一行时match - 每次“fetch”将指针向下移动

b）检查您的变量类型。

i）mysql_num_rows返回整数，但是你要比较null

ii）同时检查$ row ['active']返回值0而不是字符串null或空白。在两种情况下检查否定值可能更安全，即

if (mysql_num_rows($result) > 0) {

    if ($row['active']) {
        // active state
    } else {
        // inactive state
    }
} else {
    // Not found
}

Answer 3

发送无效（转到登录）标题后不要死？

Answer 4

您唯一的解决方案是简化！这样：

if (...) {
    if (...) {
        if (...) {
            ...
        }
    } else {
        ...
    }
    ...
} else {
    ...
}

更好地表达为：

if ($someImportantCondition == false) {
    die('Important condition not met');
}

...

if ($someOtherImportantCondition == false) {
   die('Some other important condition not met');
}

...

echo 'Success!';

您可以显示错误，使用die重定向，header错误页面，include来自函数或您需要执行此操作的任何其他内容，而不仅仅是return。 在此时停止逻辑。将这种流动变成正常人类可以理解的形式，然后你的问题就会消失。

Answer 5

我使用符号

if (...)
{
   if (...)
   {
      ...
   }
   else
   {
      ...
   }

}
else
{
   ...   

}

然后，您可以轻松识别else部分与if位匹配的内容。

如果您对代码执行此操作，则可以找出问题所在。

Answer 6

我认为您对$accounts = mysql_fetch_array($query_accounts);

有疑问

$ accounts是包含行和列的数组，作为

时需要使用的索引

while($accounts = mysql_fetch_array($query_accounts))
{

}

if和else格式？ PHP

6 个答案: