即使用户/通行证组合正确,也无法登录

时间:2014-09-20 09:27:31

标签: php

我似乎无法弄清楚为什么我无法登录我的帐户。 PHP文件运行正常,没有错误,但它似乎唯一遇到的麻烦就是验证我用数据库中的数据输入的信息。

<?php
//login.php
session_start();
include 'connect.php';
include 'header.php';

echo '<h3>Log in</h3>';

//check if user is logged in
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true){
    echo 'You are already logged in. <a href="logout.php">Click here</a> to log out.';
}
else{
    if($_SERVER['REQUEST_METHOD'] !='POST'){//no post, form appears
        echo '  <table border="0" width="100%">
                <form method="post" action="login.php">
                <tr>
                <td>Username:</td><td align="right"><input type="text" name="username" /></td>
                </tr><tr>
                <td>Password:</td><td align="right"><input type="password" name="password" /></td>
                </tr><tr>
                <td colspan="2" align="center"><input type="submit" value="Log in" /></td>
                </tr></form></table>';
    }
    else{
        //check data, let user fill wrong fields, verify data

        $errors = array();

        if(empty($_POST['username'])){
            $errors[] = 'The username field cannot be empty.';
        }
        if(empty($_POST['password'])){
            $errors[] = 'The password field cannot be empty.';
        }
        if(!empty($errors)){//generate list of errors
            echo 'The follow errors have occurred:';
            echo '<ul>';
            foreach($errors as $key => $value){
                echo '<li>' . $value . '</li>';
            }
            echo '</ul> <a href="Javascript:history.back(1)">Go back</a>';
        }
        else{//verify data

            $sql = "SELECT 
                    id, 
                    username, 
                    level 
                    FROM 
                    users 
                    WHERE 
                    username = '" . mysql_real_escape_string($_POST['username']) . "' 
                    AND 
                    password = '" . sha1($_POST['password']) . "'";

            $result = mysql_query($sql);
            if(!$result){
                //something went wrong
                echo 'An error has occurred. Please try again later. <br> <a href="Javascript:history.back(1)">Go back</a>';
            }
            else{
                //able to tap into db, but first error check and if matched, logged in
                if(mysql_num_rows($result) == 0){
                    echo 'The user/password combination is incorrect. Please try again. </br> <a href="Javascript:history.back(1)">Go back</a>';
                }
                else{
                    $_SESSION['signed_in'] = true; //logged in
                    //we also wanna fetch the user id, username, and user level
                    while($row = mysql_fetch_assoc($result)){
                        $_SESSION['id'] = $row['id'];
                        $_SESSION['username'] = $row['username'];
                        $_SESSION['level'] = $row['level'];
                    }
                    echo 'Welcome back, ' . $_SESSION['username'] . '. Proceed to the <a href="board.php">board index</a>.';
                }
            }
        }
    }
}

include 'footer.php';
?>

每当我输入正确的用户/密码组合时,我得到&#34;用户/密码组合不正确。请再试一次。&#34;这意味着查询正在运行,但由于某种原因,我输入的数据会返回0行。如果有帮助,则使用sha1加密密码。

0 个答案:

没有答案
相关问题
最新问题