使用mysqli进行简单的php登录无法验证?

时间:2014-12-15 12:06:31

标签: php sql login

我是php的初学者,我为我的网站创建了一个简单的php和mysqli登录系统,但我的代码不会验证,例如"用户名不存在"并且我不确定如何为用户创建帐户以使其成为个人帐户。我的代码是3个文件,都是链接的。 connection.php包含session_star();和数据库的连接 Homepage.php - 表格上显示的内容

<?php
 include 'login.php';
 ?>
 <section>
 <img id="image1" src="homepic.jpg" alt="logo" /> 
 </section>

loginform.php 

<link rel="stylesheet" href="homecss.css"/>
<div id="form">
<h2>Login</h2>
<form method="post" action="loginSubmit.php">
User Name: <br/>
<input type="name" name="username" type="text" /><br />
 Password: <br/>
 <input id="password" name="password" type="password" /><br />
 <input type="submit" name="logsubmit" value="Login" />
 </form></div>

login.php 

<link rel="stylesheet" href="homecss.css"/>

<?php
include './connection.php';
?>
<div id="form">
<?php

if(!isset($_SESSION['authenticatedusername'])){
 include './loginform.php'; 

if (!empty($_POST['username'])) {
echo "Username is required";
 }
 if (!empty($_POST['password'])) {
echo "Password is required";

 }
 }
 else{  
echo 'welcome   '. $_SESSION['authenticatedusername'];
echo '<br/><a href ="logout.php"> logout </a>';
echo '<br/><a href ="account.php"> My account </a>';

//check to see if error message is to be displayed
if (isset($_SESSION['message'])){
echo $_SESSION['message']="login failed";
}

?>
</div>

loginSubmit.php 

<?php
include "connection.php";
if(isset($_POST['logsubmit'])){
$user=$_POST['username'];
$pass=$_POST['password'];
$query= "SELECT * FROM users WHERE user_name='$user' AND user_password='$pass'";
$result=mysqli_query($connection, $query);

if ($row = mysqli_num_rows($result) >0){
$_SESSION['authenticatedusername']=$user;
header ("Location: homepage.php");

} else{
echo $_SESSION['message'];
header("Location: homepage.php");
}
}
?>

2 个答案:

答案 0 :(得分:0)

你在empty()

上的情况不对 
if (!empty($_POST['username'])) { // If username is filled, you are showing error.
echo "Username is required";
 }
 if (!empty($_POST['password'])) { // If password is filled, you are showing error.
echo "Password is required";

 }

应该是

if (empty($_POST['username'])) { // If username is not filled, show error.
echo "Username is required";
 }
 if (empty($_POST['password'])) { // If password is not filled, show error.
echo "Password is required";
 }

答案 1 :(得分:0)

此代码将在MySQL查询中找到错误,因为它指向那里。该错误可能是由未转义的用户和传递变量或字段名称中的错误引起的......无论如何,它都会显示给您。

<?php
include "connection.php";
if(isset($_POST['logsubmit'])){
$user=mysqli_real_escape_string($connection, $_POST['username']);
$pass=mysqli_real_escape_string($connection, $_POST['password']);
$query= "SELECT * FROM users WHERE user_name='$user' AND user_password='$pass'";


if (!$result=mysqli_query($connection, $query)) {
echo "<div>$query</div>"; //this outputs your query as sent to MySQL
echo "<div>".mysqli_error($connection)."</div>"; // this will output the mysql error
}


if ($row = mysqli_num_rows($result) >0){
$_SESSION['authenticatedusername']=$user;
header ("Location: homepage.php");

} else{
echo $_SESSION['message'];
// header("Location: homepage.php"); //disabled to see the error
}
}
?>
<a href="homepage.php"> Homepage </a>
相关问题
最新问题