//admin_login.php
<?php
session_start();
if(isset($_SESSION["member"])){
header("location:index.php");
exit();
}
?>
<?php
if(isset($_POST["username"]) && isset($_POST["password"])){ // <- Check the user has clicked the button
$manager = preg_replace('#[A-Za-z0-9]#i',"",$_POST["username"]);
$password = preg_replace('#[A-Za-z0-9]#i',"",$_POST["password"]);
include "../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM admin WHERE username ='$manager' AND password ='$password'LIMIT 1");
$exist_count = mysql_num_rows($sql);
if($exist_count == 1){
while(mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"]= $id;
$_SESSION["manager"]= $manager;
$_SESSION["password"]= $password;
header("location:index.php");
exit();
}
else{
echo 'This information is incorrect,try again <a href = "index.php">Click Here</a>';
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> AdminLogin</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen"/>
</head>
<body>
<div id="mainWrapper" >
<?php include_once("../template_header.php");?>
<div id="pageContent" >
<div align="left" "style="margin-left:040px;"><h1>Please login to continue</h1><br />
</div>
<form id="form1" name="form1" method="post" action="admin_login.php">
UserName<br />
<input type="text" name="username" id="username" size="40"/>
Password<br />
<input type="password" name="password" id="password" size="40"/>
<br />
<br />
<br />
<input type="submit" name="button" id="button" value="LogIn"/>
</form>
</div>
<?php include_once("../template_header.php");?>
</div>
</body>
</html>
//index.php
<?php
session_start();
if(!isset($_SESSION["member"])){
header("location:admin_login.php");
exit();
}
$managerID = preg_replace('#[^0-9]#i',"",$_SESSION["id"]);
$manager = preg_replace('#[A-Za-z0-9]#i',"",$_SESSION["manager"]);
$password = preg_replace('#[A-Za-z0-9]#i',"",$_SESSION["password"]);
include "../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM admin WHERE id ='managerID' AND username ='$manager' AND password ='$password'LIMIT 1");
$exist_count = mysql_num_rows($sql);
if($exist_count == 0){
echo("Your login session data in not in the database");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html >
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Service Admin Area</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen"/>
</head>
<body>
<div id="mainWrapper" >
<?php include_once("../template_header.php");?>
<div id="pageContent" >
<div align="left" "style="margin-left:040px;"><h1>Hello Store Manager .What would you loke to do today</h1><br />
<h3><a href="inventory_list.php">Manage Inventory</a></h3><br/><h3><a href="">Manage Me</a></h3><br/></div></div>
<?php include_once("../template_header.php");?>
</div>
</body>
</html>
我面临的问题是,即使我输入了我通过phpmyadmin设置的数据库中指定的正确用户名和密码,我也无法登录index.php页面。每次我尝试登录时都会调用echo 'This information is incorrect,try again Click Here'中提到的admin_login.php。我有点沮丧。你能救我一下吗?
答案 0 :(得分:1)
尝试一些调试;
并且(一旦它正常工作),请在数据库中的密码字段中添加crypt()或md5()+ salt。
答案 1 :(得分:0)
我非常确定preg_replace正在清空你的变量
$manager = preg_replace('#[A-Za-z0-9]#i',"",$_POST["username"]); $password = preg_replace('#[A-Za-z0-9]#i',"",$_POST["password"]);
根据php docs http://uk.php.net/manual/en/function.preg-replace.php
你试过删除它们吗?