我有以下代码:
session_start ();
include 'core/init.php';
$username = '';
$password = '';
$dbusername = '';
$dbpassword = '';
if (isset($_POST['Email']) && isset($_POST['Password']))
{
$username = $_POST['Email'];
$password = md5($_POST['Password']);
$query = mysql_query("SELECT * FROM member WHERE Email ='$username' AND Password='$password'");
$numrow = mysql_num_rows ($query);
// user login
if ($numrow!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION ['Email']=$username;
header('Location: member.php?username='.$username);
}
}
else
{
// admin login
$query2 = mysql_query("SELECT * FROM admin WHERE Email ='$username' AND Password ='$password'");
$numrow2 = mysql_num_rows ($query2);
if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION ['Email']=$username;
header("Location: admin.php");
}else{
if (empty ($username) === true|| empty($password) === true) {
echo "Please enter a username and password";
} else if ($username!=$dbusername){
echo "That user does not exist! Have you registered?";
} else if ($username=$dbusername&&$password!=$dbpassword) {
echo "Incorrect password";
}
}
}
}
}
但是如果用户登录不正确,没有显示任何错误消息,只是一个空白页面,我认为它是我的大括号,但无论我改变它们多少次,我要么让它变得更糟或什么都没有。谁能告诉我我做错了什么?
答案 0 :(得分:2)
退房:
if (empty ($username) === true|| empty($password) === true) {
echo "Please enter a username and password";
} else if ($username!=$dbusername){
echo "That user does not exist! Have you registered?";
} else if ($username=$dbusername&&$password!=$dbpassword) {
echo "Incorrect password";
}
}
此部分包含登录错误,可在“admin login”部分找到,因此当非管理员用户登录失败时,不会出现错误。
答案 1 :(得分:0)
$query = mysql_query("SELECT * FROM member WHERE Email ='$username' AND Password='$password'");
if(mysql_num_rows($query) == 0){
echo 'You have entered wrong username/password'; }else {
// you can continue with your query below.
答案 2 :(得分:0)
您的select语句已确保提供的用户名和密码与数据库中的用户名和密码相匹配。没有必要在PHP中进行第二次比较。您的代码可能如下:
if (isset($_POST['Email']) && isset($_POST['Password']))
{
$username = $_POST['Email'];
$password = md5($_POST['Password']);
$query = mysql_query("SELECT * FROM member WHERE Email ='$username' AND Password='$password'");
if(mysql_num_rows($query) == 1)
{
$_SESSION['Email'] = $username;
header('location: member.php?username='.$username);
}
else
{
// try admin login
$query2 = mysql_query("SELECT * FROM admin WHERE Email ='$username' AND Password ='$password'");
if(mysql_num_rows($query2) == 1)
{
$_SESSION['Email'] = $username;
header("location: admin.php");
}
else
{
echo "Failed Login Attempt";
}
}
}
由于您的查询只返回用户名和密码匹配的记录,因此您无法获得用户名匹配但密码不匹配的结果,因此您需要在管理员结束时进行有条件检查登录永远不会发生。
作为附注,告知用户用户名是正确但密码不正确,反之亦然。这是一个安全问题,可以使恶意用户更容易获得访问权限。除此之外,请将此建议作为个人建议,而不是针对您的问题。