我的PHP用户登录不起作用

时间:2014-09-03 00:34:09

标签: php mysql login

我已经搜索了几天的答案,所以我想我会来这里试图了解我哪里出错,而不是废弃代码并重写所有内容。

我有一个用户注册表和一个带有所有相关用户登录字段的mysql数据库...用户名,名称,密码(sha1)等。当我注册用户时,连接的connectdb.php中的信息相同到我的数据库,它工作,并将所有信息输入数据库(密码也加密)。

然而......在这里它来了......当我尝试使用我知道应该匹配的一些凭据登录时,我的代码将从我的代码返回我的消息,"此信息与任何记录都不匹配;请再试一次。"

///////////这是我的登录代码,截断:

<?php 
include_once('connectdb.php');
include_once('global.php');
include_once('validate.php'); 
?>

    <form action="?action=userlogin" method="post">
    <input type="text" name="username" placeholder="Enter Your Username" required /><br>
    <input type="password" name="password" placeholder="Password" required /><br>
    <input type="checkbox" name="remember" value="yes" checked="checked" /> Remember Me<br>
    <input type="Submit" value="Login" />



//////////这是表单验证的代码:

    <?php
    $action = $_REQUEST["action"];
    switch($action){
    /////// START USER LOGIN ACTION /////////
case "userlogin":
if(isset($_POST['username'])) {
    $message = '';
    $username=$_POST['username'];
    $password=$_POST['password'];
    $remember=$_POST['remember'];

// Error handling
if( (!$username) || (!$password) ){
    $message = 'Please fill in both username and password';
    } else {
    //secure the data
    $username = mysql_real_escape_string($username);
    $password = sha1($pass1);
    $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1") or die('Could not check member');
    $count=mysql_num_rows($query);
    if($count == 0){
        $message ='This Information does not match any records; please try again.';
    } else {
        //start the sessions
        $_SESSION['password'] = $password;
        while($result = mysql_fetch_array($query)){
        $id = $result['id'];
    }
    $_SESSION['username'] = $username;
    $_SESSION['id'] = $id;

    if($remember == "yes"){
        //create the cookies
        setcookie("id_cookie",$id,time()+60*6*24*90, "/");
        setcookie("pass_cookie",$password,time()+60*6*24*90, "/");
    }       
    // Eventually point this to the member page
    header("location: http://www.example.com/loggedin/");
    $message ='Thank you for logging in!';
    } // End if email and password match records
    } // End if email and password are both filled out
    } // End userlogin case 
    } // End switch statement
    ?>

///////////这是我的全球/会议

    <?php 
    session_start();
    include_once('connectdb.php');

//checking if the sessions are set
if(isset($_SESSION['username']))  {
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['password'];
$session_id = $_SESSION['id'];

// check if the member exists
$query = mysql_query("SELECT * FROM users WHERE id='$session_id' AND password='$session_pass' LIMIT 1") or die(mysql_error());
$count = mysql_num_rows($query);
if($count > 0){
    // logged in stuff here
    $logged =1;

} else {
    header("Location: http://www.example.com/logout.php");
    exit();
}
} else if(isset($_COOKIE['id_cookie'])) {
$session_id = $_COOKIE['id_cookie'];
$session_pass = $_COOKIE['pass_cookie'];

$query = mysql_query("SELECT * FROM users WHERE id='$session_id' AND password='$session_pass' LIMIT 1") or die(mysql_error());
$count = mysql_num_rows($query);
if($count > 0){
    while($result = mysql_fetch_array($query)){
        $session_username = $result['username'];
    }
    //create sessions
    $_SESSION['username'] = $session_username;
    $_SESSION['id'] = $session_id;
    $_SESSION['password'] = $session_pass;
    // logged in stuff here
    $logged =1;
} else {
    header("Location: http://www.example.com/logout.php");
    exit();
}
} else {
// if the user is not logged in
$logged = 0;
}
?>

我还听说我应该切换到mysqli,并且我正在尝试研究我的代码转换以包含它,但是在确保它之前,我想首先集中精力让它完全正常工作。如果有人有时间协助解决主要问题,并展示我如何整合mysqli,那也将非常受欢迎! : - )

1 个答案:

答案 0 :(得分:1)

在您的保护部分中,更改

$password = sha1($pass1);


$password = sha1($password);
相关问题
最新问题