当登录密码或用户名不正确时,它会在应该的时候回显错误,任何人都知道为什么会这样? 我已多次检查代码,但仍然无法找到错误发生的原因所以如果有人能修复我的代码会很棒
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'radio');
define('DB_USER','anuar');
define('DB_PASSWORD','admin');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user'];
$Password = $_POST['pass'];
*/
function SignIn()
{
session_start(); //starting the session for user profile page
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM members where Username = '$_POST[user]' AND Password = '$_POST[pass]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['Username']) AND !empty($row['Password']))
{
$_SESSION['Username'] = $row['Password'];
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}
else
{
echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}
?>
答案 0 :(得分:0)
更改此行
if(!empty($row['Username']) AND !empty($row['Password']))
{
$_SESSION['Username'] = $row['Password'];
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}
到此
if(mysql_num_rows($query)>0)
{
$_SESSION['Username'] = $row['Password'];
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}
答案 1 :(得分:0)
尝试这可能会给你一个想法
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$sql=mysql_query("SELECT * FROM admin WHERE username='$username' AND password='$password'");;
$count=mysql_num_rows($sql);
if($count==1)
{
$_SESSION['admin']=$username;
redirect();
}
else
{
echo "<script>alert('Username or password is incorrect...');</script>";
}
答案 2 :(得分:0)
$row = mysql_fetch_array($query)....
您可以更改此代码:
$row = mysql_num_rows($query);
if($row >=1){
$data = mysql_fetch_array($query);
$_SESSION['Username'] = $data['Username'];
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}else{
echo "Invalid Username or Password";
}
答案 3 :(得分:0)
我冒昧地重写您的代码以解决许多潜在问题,并展示一些更好的做法,包括:
您的托管服务提供商可能不会提供所有这些功能,但我认为这是一个很好的机会,可以对它们进行简要的调查,这样您就可以了解应该在哪里寻找。
<?php
session_start(); //starting the session as soon as the script begins
try {
$db = new PDO('mysql:host=localhost;dbname=radio;charset=utf8', 'anuar', 'admin');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch(PDOException $ex) {
echo $ex->getMessage();
}
/*
$ID = $_POST['user'];
$Password = $_POST['pass'];
*/
function SignIn()
{
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
try {
$stmt = $db->prepare("SELECT * FROM members where Username = :user");
$stmt->execute(array(':user' => $_POST['user']));
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (((count($results) != 1) || !password_verify($_POST['pass'], $results[0]['Password'])) {
// Either password verification failed, or we did not get back exactly one row with the given username;
// do something sensible about that, please.
return false;
}
$_SESSION['Username'] = $results[0]['Username'];
} catch (PDOException $ex) {
// Our database code failed somewhere - you should log this somewhere and check on them regularly,
// if you're getting a lot of them give some thought as to why.
echo $ex->getMessage();
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}