我不知道为什么这个PHP登录脚本无法正常工作。当我尝试登录时,它总是返回:“Ongeldig wachtwoord / gebruikersnaam!”。
这是剧本:
session_start();
include('connect.php');
// functie voor random key
function make_rand($length) {
$chars = "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ1234567890";
$rand = '';
for ($i = 1; $i <= $length; $i++) {
$num = rand(0, strlen($chars));
$rand .= substr($chars, $num, 1);
}
return $rand;
}
此函数创建一个随机密钥以用作session_id。
// kijk of formulier is verzonden
if ($_SERVER['REQUEST_METHOD'] == "POST") { // indien verzonden
$query= mysql_query("SELECT * FROM customers WHERE name = '" .$_POST['inlognaam'] . "'");
服务器检查用户名是否存在..
if (mysql_num_rows($query) > 0) { // als er een gebruiker is gevonden
$user = mysql_fetch_object($query);
if ($user->password == isset($_POST['password'])) {
$_SESSION['user_id'] = $user->name;
$rand_key = make_rand(50); // maak een random string voor sessie session_id mbv van functie
$_SESSION['session_id'] = $rand_key;
// zet de sessie id in de db zodat we hem later kunnen controleren
mysql_query("UPDATE customers SET session_id = '" . $rand_key . "' WHERE name = '" . $_SESSION['inlognaam'] . "'");
$_SESSION['user_ip'] = $_SERVER['REMOTE_ADRESS'];
echo 'Inloggen is gelukt!';
}
当用户存在时,服务器创建session_id,将用户IP地址保存在user_ip中,并保存用户名(user_id)
else { // ongeldig wachtwoord
echo 'Ongeldig wachtwoord/gebruikersnaam!';
}
} else { // ongeldige gebruikersnaam
echo 'Ongeldig wachtwoord/gebruikersnaam!';
}
}
如果用户不存在,则回显:“Ongeldig gebruikersnaam / wachtwoord”(用户名/密码无效)。
else {
echo '<table id="loginbox">';
echo '<tr><td><b>Login:</b></td></tr>';
echo '<form action="test.php" method=\"post\">';
echo '<tr><td>Gebruikersnaam:</td></tr><tr><td> <input style="width:120;" name="inlognaam" type="text" id="inlognaam"> </td></tr>';
echo '<tr><td>Wachtwoord:</td></tr><tr><td> <input type="password" style="width:120;" name="password id="password"> </td></tr>';
echo '<tr><td><input type="submit" name="Submit" value="Login"></td></tr>';
echo '</table>';
}
这是登录表单。
编辑:我刚注意到它甚至没有使用PHP脚本,它只是将输入的内容写入URL ..
例如:
localhost/School/test.php?inlognaam=Thomas&password=british9&Submit=Login
答案 0 :(得分:3)
问题可能就在这里:
if ($user->password == isset($_POST['password']))
快速修复:
if ($user->password == $_POST['password'])
isset返回一个布尔值,告诉我是否设置了数组项,而不是项的值。
此外,在您的表单中,它说
name="password
应该是:
name="password"
除此之外,还有一些关于你的代码的说法:
$_POST[],始终将其撤消。array_key_exists检查$_POST中是否存在某个密钥。 isset()会生成警告。答案 1 :(得分:0)
当您检查密码时,您正在将用户密码值与isset的真或假返回值进行比较
答案 2 :(得分:0)
您从未设置$_SESSION['inlognaam'],因此请尝试替换:
mysql_query("UPDATE customers SET session_id = '" . $rand_key . "' WHERE name = '" . $_SESSION['inlognaam'] . "'");
使用:
mysql_query("UPDATE customers SET session_id = '" . $rand_key . "' WHERE name = '" . $_POST['inlognaam'] . "'");
编辑:
或者在查询之前设置$_SESSION['inlognaam']:
$_SESSION['inlognaam'] = $_POST['inlognaam'];
mysql_query("UPDATE customers SET session_id = '" . $rand_key . "' WHERE name = '" . $_SESSION['inlognaam'] . "'");
编辑2: 要进行调试,我会尝试简化代码:
<?php
include('connect.php');
// kijk of formulier is verzonden
if ($_SERVER['REQUEST_METHOD'] == "POST") {
// indien verzonden
$query= mysql_query("SELECT * FROM customers WHERE name = '" .$_POST['inlognaam'] . "'");
if (mysql_num_rows($query) > 0) {
// als er een gebruiker is gevonden
$user = mysql_fetch_object($query);
if ($user->password == $_POST['password']) {
echo 'Inloggen is gelukt!';
} else {
// ongeldig wachtwoord
echo 'Ongeldig wachtwoord/gebruikersnaam!';
}
} else {
// ongeldige gebruikersnaam
echo 'Ongeldig wachtwoord/gebruikersnaam!';
}
}else {
?>
<form action="test.php" method="post">
<table id="loginbox">
<tr><td><b>Login:</b></td></tr>
<tr><td>Gebruikersnaam:</td></tr>
<tr><td> <input type="text" style="width:120;" name="inlognaam" id="inlognaam"> </td></tr>
<tr><td>Wachtwoord:</td></tr>
<tr><td> <input type="password" style="width:120;" name="password" id="password"> </td></tr>
<tr><td><input type="submit" name="Submit" value="Login"></td></tr>
</table>
</form>
<?php
}
?>