当应该检查时,页面将使用任何密码登录... 代码应该只允许您使用用户名和密码登录, 但它只允许您使用用户名。请帮助我解决这个问题,因为我已经将代码镶嵌了好几天,并且无法解决问题所在 代码:
function login() {
$post_user = $_POST["user"];
$post_pass = $_POST["pass"];
$salt = substr($post_user, 0, 2);
$passwd = crypt($pass, $salt);
echo $passwd;
// start editing
$con = mysql_connect("localhost","user","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("area71", $con);
$result = mysql_query("SELECT username,password FROM users WHERE username='$post_user' AND password='$passwd'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
while($row = mysql_fetch_row($result))
{
$dbuser = $row[0];
$dbpass = $row[1];
}
// end of edit
if (isset($_POST["Submit"])) {
$nr = 1;
while (isset($dbuser[$nr])) {
if (($dbpass === $passwd)) {
$_SESSION["user"] = $dbuser;
header("Location: ". "?page=dashboard");
}
$nr++;
}
}
};
答案 0 :(得分:1)
因为'$ pass'未设置?
$passwd = crypt($pass, $salt);