我用Php数据对象制作了一个登录脚本。 但是它无法正常工作,问题是它会让任何用户登录,即使密码与数据库记录不匹配。我对此部分感到很困惑,我无法弄明白。
$case = 1;
include("common/top.php");
if(isset($_SESSION['STAKEZONE']))
{
header("Location: dashboard.php");
}
if(!empty($_POST['login']))
{
if($_POST['username'] == '')
{
$msg = 'Please Enter your Username! <br>';
$case = 0;
}
if($_POST['password'] == '')
{
$msg = 'Please Enter your Password!';
$case = 0;
}
if($case == 1)
{
$username = $_POST['username'];
$password = $_POST['password'];
$sql = $dbh->prepare("SELECT * FROM users WHERE username = ?");
$sql->execute(array($username));
while($u = $sql->fetch())
{
$id = $u['id'];
$password_query = $u['password'];
$lastip = $u['lastip'];
$status = $u['status'];
}
$row = $sql->fetch(PDO::FETCH_ASSOC);
if($status == '0' && $row)
{
$msg = base64_encode('Your Account is Inactive');
header("Location: login.php?msg=$msg");
die;
}
$password_md5 = md5($password);
if($password_md5 = $password_query)
{
$sql = "UPDATE users
SET lastip = ?
WHERE id = ?";
$q = $dbh->prepare($sql);
$q->execute(array($_SERVER['REMOTE_ADDR'],$id));
$_SESSION['STAKEZONE']['user'] = $username;
$_SESSION['STAKEZONE']['id'] = $id;
header("Location: dashboard.php");
die;
}
else
{
$msg = base64_encode("Wrong Username Or Password");
header("Location: login.php?msg=$msg");
die;
}
}
else
{
header("Location: login.php?msg=$msg");
die;
}
}
感谢您的帮助,非常感谢。
答案 0 :(得分:1)
你有一个错字。您需要更改以下行
if($password_md5 = $password_query)
进入以下
if($password_md5 == $password_query)