我已经搜索了几天的答案,所以我想我会来这里试图了解我哪里出错,而不是废弃代码并重写所有内容。
我有一个用户注册表和一个带有所有相关用户登录字段的mysql数据库...用户名,名称,密码(sha1)等。当我注册用户时,连接的connectdb.php中的信息相同到我的数据库,它工作,并将所有信息输入数据库(密码也加密)。
然而......在这里它来了......当我尝试使用我知道应该匹配的一些凭据登录时,我的代码将从我的代码返回我的消息,"此信息与任何记录都不匹配;请再试一次。"
///////////这是我的登录代码,截断:
<?php
include_once('connectdb.php');
include_once('global.php');
include_once('validate.php');
?>
<form action="?action=userlogin" method="post">
<input type="text" name="username" placeholder="Enter Your Username" required /><br>
<input type="password" name="password" placeholder="Password" required /><br>
<input type="checkbox" name="remember" value="yes" checked="checked" /> Remember Me<br>
<input type="Submit" value="Login" />
//////////这是表单验证的代码:
<?php
$action = $_REQUEST["action"];
switch($action){
/////// START USER LOGIN ACTION /////////
case "userlogin":
if(isset($_POST['username'])) {
$message = '';
$username=$_POST['username'];
$password=$_POST['password'];
$remember=$_POST['remember'];
// Error handling
if( (!$username) || (!$password) ){
$message = 'Please fill in both username and password';
} else {
//secure the data
$username = mysql_real_escape_string($username);
$password = sha1($pass1);
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1") or die('Could not check member');
$count=mysql_num_rows($query);
if($count == 0){
$message ='This Information does not match any records; please try again.';
} else {
//start the sessions
$_SESSION['password'] = $password;
while($result = mysql_fetch_array($query)){
$id = $result['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
if($remember == "yes"){
//create the cookies
setcookie("id_cookie",$id,time()+60*6*24*90, "/");
setcookie("pass_cookie",$password,time()+60*6*24*90, "/");
}
// Eventually point this to the member page
header("location: http://www.example.com/loggedin/");
$message ='Thank you for logging in!';
} // End if email and password match records
} // End if email and password are both filled out
} // End userlogin case
} // End switch statement
?>
///////////这是我的全球/会议
<?php
session_start();
include_once('connectdb.php');
//checking if the sessions are set
if(isset($_SESSION['username'])) {
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['password'];
$session_id = $_SESSION['id'];
// check if the member exists
$query = mysql_query("SELECT * FROM users WHERE id='$session_id' AND password='$session_pass' LIMIT 1") or die(mysql_error());
$count = mysql_num_rows($query);
if($count > 0){
// logged in stuff here
$logged =1;
} else {
header("Location: http://www.example.com/logout.php");
exit();
}
} else if(isset($_COOKIE['id_cookie'])) {
$session_id = $_COOKIE['id_cookie'];
$session_pass = $_COOKIE['pass_cookie'];
$query = mysql_query("SELECT * FROM users WHERE id='$session_id' AND password='$session_pass' LIMIT 1") or die(mysql_error());
$count = mysql_num_rows($query);
if($count > 0){
while($result = mysql_fetch_array($query)){
$session_username = $result['username'];
}
//create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['password'] = $session_pass;
// logged in stuff here
$logged =1;
} else {
header("Location: http://www.example.com/logout.php");
exit();
}
} else {
// if the user is not logged in
$logged = 0;
}
?>
我还听说我应该切换到mysqli,并且我正在尝试研究我的代码转换以包含它,但是在确保它之前,我想首先集中精力让它完全正常工作。如果有人有时间协助解决主要问题,并展示我如何整合mysqli,那也将非常受欢迎! : - )
答案 0 :(得分:1)
在您的保护部分中,更改
$password = sha1($pass1);
要
$password = sha1($password);