我想创建一个登录页面,但它不起作用。任何人都可以看到错误。谢谢
我有一个数据库,我有3行电子邮件 - 密码 - custermer_id。
<?
$email = $_POST['email'];
$password= $_POST['password'];
$login = $_POST['login'];
$user_custermers_id = $_GET['id'];
if($login = 'yes')
{
global $wpdb;
$get = mysql_query("SELECT * FROM das_custermer_users WHERE email = '$email' AND password = '$password'") or die(mysql_error());
$result = mysql_result($get, 0);
if($result != 1)
{
$msg = "WRONG MESSEGE";
}
else
{
session_start();
$_SESSION['email'] = $email;
header("location: http://tgdashboard.com");
}
}
?>
我的HTML
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="header">
Loginoplysninger
</div>
<div class="row">
<label for="user">E-mail:</label>
<input type="text" name="user" id="user" value="">
</div>
<div class="row">
<label for="pass">Password:</label>
<input type="password" name="pass" id="pass" value="">
</div>
<div class="row">
<input type="submit" name="login" value="Login">
答案 0 :(得分:2)
问题是您已经在此处提交了value
Login
个提交按钮
<input type="submit" name="login" value="Login">
您正在检查登录是否为yes
$login = $_POST['login'];
$user_custermers_id = $_GET['id'];
if($login = 'yes'){
因此,当您已将值设置为yes
时,您正在检查值是否为Login
您应该执行类似
的操作 $login = $_POST['login'];
$user_custermers_id = $_GET['id'];
if($login = 'Login'){
,如下面的用户,已注意到if($login = 'yes'){
表示您正在为变量yes
分配值$login
,这意味着,如果您需要检查是否必须使用==
运算符。比如if($login == 'yes'){
答案 1 :(得分:1)
使用此代码可能对您有用..因为我已将此更改为wordpress.pls,请检查此。
<?php
session_start();
$email = $_POST['user']; //$_POST['email'];
$password= $_POST['pass']; //$_POST['password'];
$login = $_POST['login'];
$user_custermers_id = $_GET['id'];
if($login == 'Login' || isset($login))
{
global $wpdb;
/*$get = mysql_query("SELECT * FROM das_custermer_users WHERE email = '$email' AND password = '$password'") or die(mysql_error());
$result = mysql_result($get, 0);*/
$get = $wpdb->get_row("SELECT * FROM das_custermer_users WHERE email = '$email' AND password = '$password'", ARRAY_A);
if ($get != null)
{
// do something with the link
$_SESSION['custermer_id'] = $get->das_custermers_id;
$das_custermer_id = $get->das_custermers_id;
$_SESSION['email'] = $email;
//echo 'custermer-id'.$get->das_custermers_id.'custermer-idbysession'.$_SESSION['custermer_id'].'email'.$email.'emailby session'.$_SESSION['email'];
header("location: http://tgdashboard.com?das_custermers_id=".$das_custermer_id);
}
else
{
// no link found
$msg = "WRONG MESSEGE";
}
}
?>
试试这个会对你有用..
<?php
session_start();
$email = $_POST['user']; //$_POST['email'];
$password= $_POST['pass']; //$_POST['password'];
$login = $_POST['login'];
$user_custermers_id = $_GET['id'];
if($login == 'Login' || isset($login))
{
global $wpdb;
$get = mysql_query("SELECT * FROM das_custermer_users WHERE email = '$email' AND password = '$password'") or die(mysql_error());
//$result = mysql_result($get, 0);
$result = mysql_num_rows($get); // try this..
if($result == 0)
{
$msg = "WRONG MESSEGE";
}
else
{
//session_start();
$_SESSION['email'] = $email;
header("location: http://tgdashboard.com");
}
}
?>
答案 2 :(得分:1)
好的,这里有几件事,我在评论中也提到过。
首先,您正在使用mysql_query
,但显然使用wordpress(global $wpdb
)(WordPress不使用这些功能,而且它们已过时且已弃用, please read this并使用$wpdb->get_results()
函数代替。)
其次,您没有转义输入,这意味着我可以输入' OR email = 'admin@site.com'; --
的电子邮件,并以我想要的任何用户身份登录。在wordpress中,您正在寻找$wpdb->escape()
或查看prepared statements in wordpress。
第三,请不要使用短标记(<?
),因为您无法确定在部署此代码的所有PHP配置中是否已启用它们。最好坚持使用<?php
。
第四,正如其他人提到你“比较”(见第五篇)$login
到yes
,但它永远不会是,因为你提交的价值按钮是Login
。
第五,您没有将$login
与yes
进行比较,而是将$login
设置为yes
。请使用==
进行比较。
所以最终建议的代码应该是这样的:
<?php
$email = $_POST['email'];
$password= $_POST['password'];
$login = $_POST['login'];
$user_custermers_id = $_GET['id'];
if($login == 'Login') //Changed to == and 'Login'
{
global $wpdb;
//Changed to actually use $wpdb instead and get_results and escaping variables
$get = $wpdb->get_results("SELECT * FROM das_custermer_users WHERE email = '" . $wpdb->escape($email) . "' AND password = '" . $wpdb->escape($password) . "'");
//As $wpdb works different, use this
if (!empty($get)) {
session_start();
$_SESSION['email'] = $email;
header("location: http://tgdashboard.com");
} else {
$msg = "WRONG MESSAGE";
}
}
?>