我忙着这几个小时来解决它,但它无法正常工作。我的逻辑必须工作,但不是,这是我提出问题的最后一个地方,我现在正在做,希望任何人都可以帮助我。 我尝试使用MySqli检查MySql数据库中的$ _POST值并检查计数是否正确。之后我会检查密码是否与给定的密码相同。 我已经使用了这种方式,因此我可以确定用户是否提供了无效的用户名或密码,并向他们显示错误信息。 我目前的知识是登录脚本不会读取$ _POST中的任何值。 我可以用一些很棒的帮助。 这是代码:
HTML:
<form action="inc/login.php" method="post">
<label for="gr_username">Gamertag </label>
<input type="text" id="gr_username" name="gr_username" class="panel panel-default" placeholder="GT" style="width:120px;height:25px;"/>
<br>
<label for="gr_password">Password </label>
<input type="password" id="gr_password" name="gr_password" class="panel panel-default" placeholder="Password" style="width:120px;height:25px;"/>
<br><br>
<input type="submit" id="submit" class="btn btn-primary" value=" LOGIN "/>
</form>
PHP:
<?php
error_reporting(-1);
ini_set('display_errors', 'On');
include_once('../../inc/db.php');
$link = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
$username = mysqli_real_escape_string($_POST['gr_username']);
$password0 = mysqli_real_escape_string($_POST['gr_password']);
$password = hash('whirlpool', $password0);
if(!$link)
{
header('Location: ../login.php?err=Servers not available at the moment! Please try again later. [ERRCODE: L01]');
}
$sql = "SELECT * FROM leaders WHERE username = '" . $username . "'";
$res = mysqli_query($link, $sql);
if(!$res)
{
header('Location: ../login.php?err=Servers not available at the moment! Please try again later. [ERRCODE: L03]');
}
else
{
$totalrows = mysqli_num_rows($res);
if ($totalrows > 0) {
while($row = mysqli_fetch_assoc($res))
{
if ($password == $row['password']) {
$_SESSION['gamertag'] = $row['username'];
$_SESSION['socialclub'] = $row['socialclub'];
$_SESSION['leaderid'] = $row['id'];
} else {
header('Location: ../login.php?err=Invalid Password! Try again.');
}
}
header('Location: ../index.php?grmsg=You are successfully logged into the Leader Panel!');
} else {
header('Location: ../login.php?err=Username not found! Try again.');
}
}
?>
希望你能帮助我。 提前谢谢!
答案 0 :(得分:0)
由于您获得了Invalid Password! Try again.,这意味着至少找到了该用户。
这确认查询有效但也意味着:
<强> hash('whirlpool', $password0) != $row['password']
这是您需要调查不满足条件的原因。
如果我是你,我会这样做:
if ($password == $row['password']) {
//works
} else {
//header('Location: .....');
echo "Invalid Password! Try again";
echo "password0 : ".$password0."<br>";
echo "password hashed : ".$password."<br>";
echo "password from db : ".$row['password']."<br>";
}
否则你将不得不再次散列db值hash('whirlpool', $row['password']);,这会破坏哈希的整个目的。
希望这有帮助
答案 1 :(得分:0)
试试这个......
<?php
session_start();
include ('connect.php');
$login_id = mysql_real_escape_string($_POST['login_id']);
$password = mysql_real_escape_string(SHA1($_POST['password']));
//your hash function here...
include('connect.php');
$chk = mysql_query("SELECT * FROM admin where name = '$login_id' AND password = '$password';");
$count = mysql_num_rows($chk);
if($count=='1')
{
$_SESSION['name'] = $login_id;
//to loggoed on page
header("location:admin.php?id=1");
}
else {
echo "<script>
alert('Invalid Login...');
window.location.href='index.php';
</script>";
}
?>