当我尝试登录时,我的代码无法正常工作

时间:2014-04-22 04:22:14

标签: php mysqli

这是我第一次使用Mysqli。所以我可能犯了一些错误。好吧,我已成功插入所有数据用于注册目的,包括密码哈希到Mysql数据库。

//for password 
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));    
$pass = hash('sha512', $password . $random_salt);

好吧,当我使用以下代码登录时,它显示我的自定义错误消息"电子邮件地址或密码不正确" 

<?php
ob_start();
session_start();
require_once("includes/config.php");

    $email = inputvalid($_POST['email']);
    $password = inputvalid($_POST['password']);

    //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
    //$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    //$pass = hash('sha512', $password.$random_salt);


    $salt = mysqli_query($mysqli, "SELECT salt FROM members WHERE email = '$email'");
    $res = mysqli_fetch_array($salt, MYSQLI_NUM);
    $salt = $res['salt'];

    $password2  = hash('sha512', $password.$salt);

    $check = mysqli_query($mysqli, "SELECT email, password FROM members WHERE email='$email' AND password = '$password2' ");
    $num = mysqli_num_rows($check);

    $isActive =  mysqli_query($mysqli, "SELECT is_active FROM members WHERE email = '$email' ");
    $res =  mysqli_fetch_array($isActive, MYSQLI_NUM);
    $isActive = $res['is_active'];

    $msg =  array();
    $msg['error'] = false;



                    if(empty($email) && empty($password)){  
                        $msg[] = "Both field require";  
                        $msg['error'] = true;
                    }                   
                    elseif($num == 0){
                        $msg[] = "Email address or password is not correct";    
                        $msg['error'] = true;
                        echo mysql_error();
                    }elseif($isActive == 0) {
                        $msg[] = "Sorry, you account has not been activated.";  
                        $msg['error'] = true;
                    }




    if($msg['error'] === false)
    {
    //Begin form success functionality

            $_SESSION['email'] = $email;
            $_SESSION['password'] = $password2; 

            if(isset($_SESSION['email']) && isset($_SESSION['password']))
            {
                $msg[] = '<br/><font color="b9c025">Successfully login.</font><br/><br/>';          
            }
            else
            {
                $msg[] = "Session not registererd"; 
                $msg[] =  "The reasone is " . mysql_error(); 
            }

    //update database...
    $date = date("d-m-y h:m:s");        
    $update = mysqli_query($mysqli, "UPDATE members SET last_visit_dt = '$date', pageviews  = pageviews + 1  WHERE email = '$email'");
    }       

$another = "close";
echo  json_encode($msg);



?>

任何人都可以帮助我吗?

更新:

function inputvalid($para){
return mysqli_real_escape_string(htmlspecialchars(trim($para)));
}

1 个答案:

答案 0 :(得分:1)

尝试类似的东西:

更换

$check = mysqli_query($mysqli, "SELECT email, password FROM members WHERE email='$email' AND password = '$password2' ");
$num = mysqli_num_rows($check);

通过

$check = mysqli_real_query($mysqli, "SELECT email, password FROM members WHERE email='$email' AND password = '$password2' ");
$result = mysqli_store_result($mysqli);
$num = $result->num_rows;
mysqli_free_result($result);
相关问题
最新问题