php登录脚本if if返回else,即使db中的登录信息正确

时间:2013-08-09 20:19:43

标签: php mysql

这段代码是作为管理员登录我正在构建的页面的后端。它解析为'else'语句,回显我的“不正确的信息”语句。基本上说它没有找到我在服务器上创建的凭据,我检查过并仔细检查过。还确认我的连接脚本正在运行。我很难过。任何帮助将不胜感激。

<?php
session_start();
if(isset($_SESSION["manager"])) {
  header("location: index.php");
  exit();
}
?>
<?php 
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["username"]); // filter everything but numbers and letters 
      $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters 
      // Connect to the MySQL database
      include "../php/connect_to_mysql.php";
      $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // Query the person
//------MAKE SURE PERSON EXISTS-----
$existCount = mysql_num_rows($sql); // Count the row nums
if ($existCount == 1) {
    while($row = mysql_fetch_array($sql)){
      $id = $row["id"];
    }
    $_SESSION["id"] = $id;
    $_SESSION["manager"] = $manager;
    $_SESSION["password"] = $password;
    header("location: index.php");
    exit();
  } else {
    echo 'That information is incorrect, <a href="index.php">try again</a>.';
    exit();
  }
}
?>

这是表格代码

<form name="adminform" id="adminform" method="post" action="admin_login.php">
              <div class="row collapse">
                <div class="large-2 columns">
                  <label class="inline">Username</label>
                </div>
                <div class="large-10 columns">
                  <input type="text" id="username" placeholder="JohnDoe" name="username">
                </div>
              </div>
              <div class="row collapse">
                <div class="large-2 columns">
                  <label class="inline">Password</label>
                </div>
                <div class="large-10 columns">
                  <input type="password" id="password" placeholder="Shazam" name="password">
                </div>
              </div>
              <button type="submit" name="button" id="button" class="radius button">Log In</button>
        </form>

1 个答案:

答案 0 :(得分:3)

问题可能是,即使您检查$ _POST var,当您执行过滤时,也使用$ _SESSION值。尝试使用$ _POST。

// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {
    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);

    // ...
相关问题
最新问题