我在以下代码中遇到了一个痛苦的问题。我的应用程序连接到名为main.php的脚本,并向其发送用户名和密码。然后,该脚本将检查数据库中的凭据,如果凭据正确则会对我的应用程序作出肯定回复,如果不正确,则会回复。更具体地说,它只检查用户组成员身份并发送回复。现在的问题是它总是发送否定回复。你能告诉我我哪里错了吗?
<?php
function append_file( $filename, $newdata )
{
$f = fopen( $filename, "a" );
fwrite( $f, $newdata );
fclose( $f );
}
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$m_pUsername = $_POST['user'];
$m_pPassword = $_POST['pass'];
$m_pDate = date(DATE_RFC822);
$m_pIP = $_SERVER[ 'REMOTE_ADDR' ];
$conf['host'] = 'localhost';
$conf['user'] = 'XXX';
$conf['pass'] = 'XXX';
$conf['database'] = 'XXX';
if( !$m_pUsername || !$m_pPassword )
die("g_requireUpdate");
$con = mysql_connect($conf['host'],$conf['user'],$conf['pass']) or die ("cannot connect");
mysql_select_db($conf['database'])or die("cannot select DB");
$sql = mysql_query("SELECT * FROM `user`");
while($row = mysql_fetch_array($sql))
{
$salt = $row['salt'];
$md5_pass = MD5(md5($m_pPassword) . $salt);
if($m_pUsername == $row['username'] && $md5_pass == $row['password'] )
{
if( $row['usergroupid'] == '5' || $row['usergroupid'] == '9' || $row['usergroupid'] == '7' || $row['usergroupid'] == '6' || $row['usergroupid'] == '71' || $row['usergroupid'] == '72' )//VIPS + STAFF
{
print("g_userValid ");
append_file( "access_log.txt", "($m_pUsername) \t ($m_pIP) \n");
}
if( $row['usergroupid'] == '2')//NON VIP
{
print("g_userNormal ");
exit;
}
if( $row['usergroupid'] == '8')//BANNED
{
print("g_userBanned ");
exit;
}
}
}
append_file( "access_log.txt", "($m_pUsername) \t ($m_pIP) \t \n");
mysql_close();
?>