检查登录始终返回登录失败页面

时间:2013-12-06 19:09:39

标签: php login

这是我的支票登录编码。我无法登录我的系统因为它总是返回登录失败。我已插入正确的用户名,密码和角色,但仍返回登录失败页面。

我认为我的编码有问题     if(mysql_num_rows($ result)== 1) 顺便问一下,这条线是什么意思? 

<?php
session_start();
require 'database.php';

//to store validation errors
$errmsg_arr = array();

//validation error flag
$errflag = false;

//function to sanitize values from the form. Preventing the SQL injection
function clean ($str){
    $str = @trim($str);
    if (get_magic_quotes_gpc()){
        $str = striplashes ($str);
    }
    return mysql_real_escape_string($str);
}

//sanitize POST values
$myusername = clean ($_POST['username']);
$mypassword = clean ($_POST['password']);
$role = clean ($_POST['role']);

//input validations
if ($myusername == ''){
    $errmsg_arr[] = 'Insert your username';
    $errflag = true;
}
if ($mypassword == ''){
    $errmsg_arr[]= 'Insert you password';
    $errflag = true;
}

//if there are input validation, redirect back to home
if ($errflag){
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location:index.php");
    exit();
}

$qry = "SELECT student.user_id, student.username, student.password, student.role FROM student WHERE username = '$myusername' and password = '".md5($_POST['password'])."' and role = '$role'";
$result = mysql_query($qry);

if ($result){
    if (mysql_num_rows($result)== 1){       
        session_regenerate_id();
        $student = mysql_fetch_assoc($result);  
        $_SESSION['SESS_USER_ID']= $student['user_id'];
        $_SESSION['SESS_USERNAME']= $student['username'];
        $_SESSION['SESS_PASS']= $student['password'];
        $_SESSION['SESS_ROLE']= $student['role'];
        session_write_close();
        header("location: profile.php");
        exit();
    }else {
        header ("location: login_failed.php");
        exit();
    }
}else {
    die ("Query failed");
}

?>

3 个答案:

答案 0 :(得分:3)

你的if子句中只有一个“=”.. 

if ($myusername = ''){
    $errmsg_arr[] = 'Insert your username';
    $errflag = true;
}

更改为:

  if ($myusername == ''){
        $errmsg_arr[] = 'Insert your username';
        $errflag = true;
    }


if (empty($myusername)){
        $errmsg_arr[] = 'Insert your username';
        $errflag = true;
    }

答案 1 :(得分:2)

试试这个.. 

`$qry = "SELECT student.user_id, student.username, student.password, student.role FROM  student WHERE username = '$myusername' and password = '".md5($_POST['password'])."' and role = '$role'";
$result = mysql_query($qry);
$count=0;

if ($result)
{  
while ($line = mysql_fetch_assoc($result)) {
 $count++;
 $name=$result["username"];
}

 if ($count == 1) {    
    session_regenerate_id();
    $student = mysql_fetch_assoc($result);  
    $_SESSION['SESS_USER_ID']= $student['user_id'];
    $_SESSION['SESS_USERNAME']= $student['username'];
    $_SESSION['SESS_PASS']= $student['password'];
    $_SESSION['SESS_ROLE']= $student['role'];
    session_write_close();
    header("location: profile.php");
    exit();
    }else {
    header ("location: login_failed.php");
    exit();
    }
}else {
die ("Query failed");
}`

答案 2 :(得分:0)

你的if子句中需要两个“==”,否则你将该变量设置为''。

相关问题
最新问题