对于错误密码,登录返回空白?

时间:2013-01-26 11:22:37

标签: php login passwords

我一直在使用教程进行注册和登录页面。除非用户输入错误的密码,否则一切都很完美。

如果未输入密码,则表明错误显示正确。

如果输入了正确的密码,则会将其记录下来。

如果输入的密码不正确,则会转到空白页面?!

我想要一个不正确的密码来显示一条消息,就像输入错误的用户名一样。我已经包含了我的整个login.php代码:

include('db.php');

if(!isset($_POST['login'])) {
    include('form.php');
} else {

    if(isset($_POST['user'])&&$_POST['user']==""||!isset($_POST['user'])) {
        $error[] = "Username Field can't be left blank";
        $usererror = "1";
    }

    if(!isset($usererror)) {
        $user = mysql_real_escape_string($_POST['user']);
        $sql = "SELECT * FROM users WHERE user = '$user'";
        if(mysql_num_rows(mysql_query($sql))=="0") {
            $error[] = "Can't find a user with this username";
        }
    }

    if(isset($_POST['pass'])&&$_POST['pass']==""||!isset($_POST['pass'])) {
        $error[] = "password Field can't be left blank";
    }

    if(isset($error)) {
        if(is_array($error)) {
            echo "<div class=\"error\"><span>please check the errors and refill the form<span><br/>";
            foreach ($error as $ers) {
                echo "<span>".$ers."</span><br/>";
            }
            echo "</div>";
            include('form.php');
        }
    }

    if(!isset($error)) {
        $suser=mysql_real_escape_string($_POST['user']);
        $spass=md5($_POST['pass']);//for secure passwords
        $find = "SELECT * FROM users WHERE user = '$suser' AND password = '$spass'";
        if(mysql_num_rows(mysql_query($find))=="1"or die(mysql_error())) {
            session_start();
            $_SESSION['username'] = $suser;
            header("Location: loggedin.php");
        } else {
            echo "<div class=\"warning\"><span>Some Error occured durring processing your data</div>";
        }
    }
}

2 个答案:

答案 0 :(得分:2)

if(mysql_num_rows(mysql_query($find))=="1"or die(mysql_error())){

如果输入的密码错误,mysql_num_rows(mysql_query($find))为0,则会生成die(mysql_error())。但由于没有mysql_error(),您会看到一个空白页面。

试试这个

$result = mysql_query($find) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
    // proceed
} else {
    // authentication failed
}

编辑:这仅用于说明目的。处理MySQL时使用MySQLiPDO

答案 1 :(得分:0)

代码对我来说有点混乱,请考虑使用此代码。

<?php

include('db.php');
if(isset($_POST['login'])) {
     $username = mysql_real_escape_string($_POST['user']);
     $password = md5($_POST['pass']);

     if(empty($username) || empty($password)) {
          echo "Empty username or password.";
     } else {
          mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `password.md5` = '$password'");
          if(mysql_num_rows() == 1) {
               // login successfull 
               session_start();
               $_SESSION['username'] = $username;
               header("Location: loggedin.php");
          } else {
               echo "Invalid username or password.";
          }
     }
} else {
     include  ('form.php');
}

?>
相关问题
最新问题