任何人都可以提供帮助,我一直试图让这个PHP代码工作,但成功有限,似乎在while语句中的else语句被忽略,我看了其他的例子,只是看不出我是什么做错了。代码在登录表单中使用,不起作用的部分是用户输入错误密码。我是PHP的新手,这是一个大学的任务。我还将包含登录页面的代码。
<?php
ob_start();
session_start();
error_reporting(0);
$username = $_POST['username'];
$password = $_POST['password'];
//sanitize username
$username = mysql_real_escape_string($username);
if($username&&$password) {
include 'db.php';
$query = mysql_query("SELECT id, username, password, salt
FROM member
WHERE username = '$username';");
$numrows = mysql_num_rows($query);
$result = mysql_query($query);
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$salt = $userData['salt'];
$hash = hash('sha256', $salt . hash('sha256', $password) );
if ($numrows !=0) {
while ($rows = mysql_fetch_assoc($query))
{
$dbusername = $rows['username'];
$dbpassword = $hash;
if ($username===$dbusername&&$hash===$dbpassword)
{
$_SESSION['username']=$dbusername;
header("location: index.php?remarks=success");
}
else
{
header("location: index.php?remarks=incorrect");
}
}
}
else
header("location: index.php?remarks=register");
}
else
header("location: index.php?remarks=other");
?>
<html>
<head>
<title>Login Form</title>
</head>
<body>
<form method="post" action="code_index.php">
<table width="274" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td colspan="2">
<div align="center">
<?php
$remarks=$_GET['remarks'];
if ($remarks==null and $remarks=="")
{
echo "Login Here<br/> <a href='registration.php'>Or Click Here to Register.</a>";
}
if ($remarks=='register')
{
echo "That username Does not Exists.<br/><a href='registration.php'>Click Here to register.</a>";
}
if ($remarks=='incorrect')
{
echo "Incorrect Password.<br/>Please Re-enter Password";
}
if ($remarks=='success')
{
echo "Login Successful. <br/> <a href='membersarea.php'>Click Here to go to the Members Area.</a>";
}
if ($remarks=='other') {
echo "Please enter a Username and Password<br/><a href='registration.php'>Or Click Here to register.</a>";
}
?>
</div></td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username" placeholder="Enter your Username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" placeholder="Enter your Password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
答案 0 :(得分:0)
您需要从数据库
分配dbpassword//$dbpassword = $hash; //This is wrong
这样做。
$dbpassword = $rows['password'];
if ($username===$dbusername&&$hash===$dbpassword)
答案 1 :(得分:0)
你能试试吗,
ob_start();
session_start();
error_reporting(0);
$username = $_POST['username'];
$password = $_POST['password'];
//sanitize username
$username = mysql_real_escape_string($username);
if(isset($username) && isset($password)) {
include 'db.php';
$query = mysql_query("SELECT id, username, password, salt
FROM member
WHERE username = '$username' ");
$numrows = mysql_num_rows($query);
if ($numrows > 0) {
while ($rows = mysql_fetch_array($query))
{
$dbusername = $rows['username'];
$salt = $rows['salt'];
$hash = hash('sha256', $salt . hash('sha256', $password) );
$dbpassword = $hash;
if ($username==$dbusername && $hash==$dbpassword)
{
$_SESSION['username']=$dbusername;
header("location: index.php?remarks=success");
}
else
{
header("location: index.php?remarks=incorrect");
}
}
}else{
header("location: index.php?remarks=register");
}
}else{
header("location: index.php?remarks=other");
}