我的登录代码存在一些问题。我知道我不是在加密密码,但这只是为了现在的学习基础。
所以我知道我从我的表单中获取值,因为当我提供正确的登录时,它会将我引导至member-index.php,然后立即将我重定向到 access-denied.php 因为我的会话设置不正确?
当我提供无效登录时,它不会将我重定向到login-failed.php它只是位于 login.php 上,并带有一个空页面,这是我指向它的地方表格输入。
这是我的db表供参考:
表:登录
+---------+----------+--------
| login_ID | Login_PW| auth |
+-------=--+---------+--------
| User_test| 123 | null |
+----------+---------+--------
<?php
function clean($str)
{
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return $str;
}
//Sanitize the POST values
if (isset($_POST['username']))
{
$username = clean($_POST['username']);
}
if (isset($_POST['password']))
{
$password = clean($_POST['password']);
}
/* Create a new mysqli object with database connection parameters */
$mysqli = mysqli_connect('localhost', 'root', '', 'draftdb');
if(mysqli_connect_errno())
{
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
/* Is your username the same as the login_id? If not you need to change this query's where to use the username column not the login_id. */
/* Create a prepared statement */
if($stmt = $mysqli -> prepare("
SELECT Login_ID, Login_PW
FROM login
WHERE Login_ID=? AND Login_PW=?
"))
{
/* Bind parameters
s - string, b - boolean, i - int, etc */
$stmt -> bind_param("ss", $username, $password);
/* Execute it */
$result = $stmt -> execute();
/* Bind results to variables that will be used within the fetch() loop. */
$stmt -> bind_result($username, $password);
//Check whether the query was successful or not
if ($result === false)
{
die("Query failed");
}
/* Iterate over the results of the query. */
while ($stmt->fetch())
{ //while loop open
if($_POST['username'] == $username && $_POST['password'] == $password)
{
//$member = mysqli_fetch_assoc($result);
session_regenerate_id();
/* We can create a _SESSION cause we binded the result to those variables above. */
//$_SESSION['SESS_MEMBER_ID'] = $username;
$_SESSION['username'] = $_POST['username'];
session_write_close();
header("location: member-index.php");
exit();
}
elseif($result -> num_rows == 0 )
{
header("location: login-failed.php");
exit();
}
}//while loop close
/* Close statement */
$stmt -> close();
}//main if close
/* Close connection */
$mysqli -> close();
会员-的index.php
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!$_SESSION['username']) {
header("location: access-denied.php");
exit();
}
?>
答案 0 :(得分:0)
/* Execute it */
$result = $stmt -> execute();
$stmt -> store_result();
.
.
.
elseif($stmt -> num_rows == 0 ) // note $stmt instead of $result
应该这样做