Question

在下面的代码中，我使用数据库检查用户名和密码，然后运行if语句以允许用户查看页面或只显示“请登录”消息。此时，即使密码相等，它也仅返回错误值。

我知道我可以在互联网上为此获取代码，但我想知道我的逻辑（仅在我脑海中）出错了。我也知道我没有对数据进行消毒，但这只是一个10年级学生的教程，只需要学习一些PHP的HTML和CSS。我稍后会得到保护数据 - 一次一个概念。

感谢您的帮助！

<?php

// connects to server 

include('includes/connect2.php');

// sets post to variables don't know if this is needed
$user=$_POST[username];
$pass=$_POST[password];

?>

<?php
// query to find ifnoramtion in database 
$result = mysqli_query($con, "SELECT * FROM social_register WHERE Login='$user'"); 
                    mysqli_real_escape_string($con, $user) . "'" ); 

$row = mysqli_fetch_assoc($result);

if ($pass == $row['Password']) { ?>
<div id="container">
    <div id="banner">
    The social Site 
        <div id="site_logo">
        <img src="images/logo_thumb.gif" /> 
                <?php

                while($row = mysqli_fetch_array($result))
                  {
                  echo $row['First_Name'] . " " . $row['Last_Name'];
                  echo "<br>";
                    }
                mysqli_close($con);
                ?>

        </div>
    </div>

<div id="person">
<h1>Welcome to your test web site</h1>
</div>


</div>
<?php
}
else 
{
?>
    <div id="container">
            <div id="banner">
            The social Site 
                <div id="site_logo">
                <img src="images/logo_thumb.gif" /> 


                </div>
            </div>

        <div id="person">
        <h1>You have not loged into the site, please login.</h1>
        </div>

<?php
}

?>

Answer 1

您应该在匹配mysqli_fetch_assoc

之前使用password获取数据

$user = mysqli_real_escape_string($con, $user);
$result = mysqli_query($con, "SELECT * FROM social_register WHERE Login = '".$user."'"); 

$row = mysqli_fetch_assoc($result);

if ($pass == $row['Password']) { ?>

Answer 2

好吧，我已经给你一个Login.php和一个Check.php，我希望你喜欢它......：P

试试：

//Login.php
session_start(); //create the session
if(isset($_POST['login']))
{

$con = mysqli_connect("myhost","myuser","mypassw","mybd") or die("Error " . mysqli_error($con));
$user = mysqli_fetch_assoc(mysqli_query($con, "SELECT * FROM social_register WHERE Login='" . mysqli_real_escape_string($con, $user) . "'" )); 

$pass = $user['Password']; //put the pass variable
if ( $pass == $user['Password'] ) {
    $_SESSION['ready'] = true;
    header('Location: you_page.php'); //redirect to your page when you have the correct pass
    exit;
} else
{
?>
<script type="text/javascript">
<!--
alert('Incorrect Password')
//-->
</script>
<?php
}
}
//continue with the next block
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title> Login </title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<center>
<h3 style="color:#fff;">Password:<h3>
<form method="post" action="">
<input type="password" style="text-align:center;" name="pass"><br>
<input type="submit" name="login" value="Iniciar sesión">
</form>
</center>
</body>
</html>

//Check.php
<?php
session_start();
if (!isset($_SESSION['ready'])
    || $_SESSION['ready'] !== true) {
    header('Location: login.php'); //Redirect to the login if you haven't the session set
    exit;
}
?>

在your_page.php中，您必须输入：

require 'check.php';

Logout.php

<?php
session_start();
if (isset($_SESSION['ready'])) {
   unset($_SESSION['ready']);
}
header('Location: index.php');
exit;
?>

密码正确时，数据库登录似乎不起作用

2 个答案: