目前我正在开发一个允许您注册和登录的脚本。注册工作完美,但我的登录显示错误(即错误 - 登录无效。没有这样的用户存在(PHP脚本的最后一行,甚至用户存在)。我的mysql表是users1.我的代码登录表格及其处理如下 -
<?php
include 'dbc.php';
$err = array();
foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}
if ($_POST['doLogin']=='Login')
{
foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}
$email = $data['email'];
$pass = $data['password'];
if (strpos($email,'@') === false) {
$user_cond = "username='$email'";
} else {
$user_cond = "email='$email'";
}
$result = mysql_query("SELECT `id`,`password`,`full_name`,`approved` FROM users1 WHERE
$user_cond
AND `banned` = '0'
") or die (mysql_error());
$num = mysql_num_rows($result);
// Match row found with more than 1 results - the user is authenticated.
if ( $num > 0 ) {
list($id,$password,$full_name,$approved) = mysql_fetch_row($result);
if(!$approved) {
//$msg = urlencode("Account not activated. Please check your email for activation code");
$err[] = "Account not activated. Please check your email for activation code";
//header("Location: login.php?msg=$msg");
//exit();
}
//check against salt
if ($password === password($pass,substr($password,0,9))) {
if(empty($err)){
// this sets session and logs user in
session_start();
session_regenerate_id (true); //prevent against session fixation attacks.
// this sets variables in the session
$_SESSION['user_id']= $id;
$_SESSION['username'] = $full_name;
$_SESSION['HTTP_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
//update the timestamp and key for cookie
$stamp = time();
$ckey = GenKey();
mysql_query("update users1 set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
//set a cookie
if(isset($_POST['remember'])){
setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
setcookie("username",$_SESSION['username'], time()+60*60*24*COOKIE_TIME_OUT, "/");
}
header("Location: myaccount.php");
}
}
else
{
//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
$err[] = "Invalid Login. Please try again with correct user email and password.";
//header("Location: login.php?msg=$msg");
}
} else {
$err[] = "Error - Invalid login. No such user exists";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
Members' Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#logForm").validate();
});
</script>
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
<tr>
<td colspan="3"> </td>
</tr>
<tr>
<td width="160" valign="top"><p> </p>
<p> </p>
<p> </p></td>
<td width="732" valign="top"><p> </p>
<h3 class="titlehdr"><b>Login</b>
</h3>
<p>
<?php
if(!empty($err)) {
echo "<div class=\"msg\">";
foreach ($err as $e) {
echo "$e <br>";
}
echo "</div>";
}
?></p>
<form action="login.php" method="post" name="logForm" id="logForm" >
<table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform">
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td width="38%">Username / Email</td>
<td width="62%"><input name="usr_email" type="text" class="required" id="txtbox" size="25"></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" class="required password" id="txtbox" size="25"></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input name="remember" type="checkbox" id="remember" value="1">
Remember me</div></td>
</tr>
<tr>
<td colspan="2"> <div align="center">
<p>
<input name="doLogin" type="submit" id="doLogin3" value="Login">
</p>
<p><a href="register.php">Register Free</a><font color="#FF6600">
|</font> <a href="forgot.php">Forgot Password</a> <font color="#FF6600">
</font></p>
</div></td>
</tr>
</table>
<div align="center"></div>
<p align="center"> </p>
</form>
<p> </p>
</td>
<td width="196" valign="top"> </td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
</table>
</body>
</html>
答案 0 :(得分:0)
代替if(strpos($email,'@'))尝试此操作,而不是让您的搜索动态,您需要传递参数$username和$email,如下所示:
SELECT `id`,`password`,`full_name`,`approved` FROM users1
WHERE 1 = 1
AND ($email IS NULL OR email = $email)
AND ($username IS NULL OR username = $username)
AND `banned` = '0'
请注意,您必须使用PDO或预准备语句,而不是使用连接到mysql数据库的方式。