我正在尝试为我的网站创建一个登录页面,并且它不允许我登录。
当我使用正确的详细信息时,它只是告诉我我使用了错误的用户名或密码。
为什么这不会让我登录?
来自common.inc.php
function logUserIn($username, $password) {
global $db, $site;
$out = false;
$sql = sprintf("SELECT * FROM wt_users WHERE username = :u");
$res = $db->prepare($sql);
if ($res->execute(array(':u'=> $username))) { // MySQL OK
$details = $res->fetch();
if ($details) { // Good username
if (md5($password) == $details['password']) { // good password - we're in!
$_SESSION['user'] = $details; // Overwrites whatever was there before, which is good
$_SESSION['user']['status'] = 'loggedin';
$out = true;
}
}
}
return $out;
}
来自login.php
switch (@$_REQUEST['login']) {
case 'logout':
logUserOut();
$status = "You have successfully logged out";
break;
case 'Login':
if (logUserIn($_REQUEST['username'],$_REQUEST['password'])) {
$show = 'welcome';
} else {
$errors['username'] = 'Either your username or password was incorrect. Please try again';
$details['username'] = $_REQUEST['username'];
$details['password'] = $_REQUEST['password'];
}
break;
... 从表格
if ('form' == $show){
?>
<h3>Please log in</h3>
<form method='post' action='<?php echo $site['self']; ?>'>
<?php echo $errorBlock ?>
<table>
<tr><th>Username</th><td><input name='username' value='<?php echo $details['username'] ?>'/></td></tr>
<tr><th>Password</th><td><input name='password' type='password' value='<? php echo $details['password'] ?>'/></td></tr>
</table>
<input type='submit' name='login' value='Login'/>
<input type='submit' name='login' value='Cancel'/>
</form>
我根本看不到任何错误。但它不是让我登录,而是我使用的数据库中的正确细节。我知道md5是完全没有安全感的,但我只是想尝试基础知识才能让它发挥作用。有人看到袖口有任何错误吗?
提前致谢。