我遇到了一个问题,所以当用户尝试登录并且失败时(输入错误的用户名和密码),数据需要保存在数据库中,但它只是不起作用。
如果我把INSERT INTO放在if ($pw == $row['passwd']中它会起作用,但我想在其他地方写它,就像在示例中一样。
<?php
session_start();
require('connect.php');
$mail = $_POST['mail'];
$pw = $_POST['password'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$lastip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$lastip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$lastip = $_SERVER['REMOTE_ADDR'];
}
$time = date('Y-m-d H:i:s');
$query = "SELECT * FROM `users` WHERE `login_email`='$mail' AND `passwd`='$pw'";
$result = mysql_query($query);
if(!$result){$_SESSION['error'] = 1;Header("Location: login.php");}
while ($row = mysql_fetch_assoc($result)) {
if ($pw == $row['passwd'])
{
$_SESSION['logiran'] = 1;
$_SESSION['mail'] = $mail;
$_SESSION['error'] = 0;
$_SESSION['sucess'] = 1;
$_SESSION['msg'] = 0;
$_SESSION['subuser'] = 0;
$_SESSION['subcid'] = $row['id'];
$query = "UPDATE `users` SET `login` = '$time' WHERE `login_email`='$mail' AND `passwd`='$pw'";
mysql_query($query);
$query = "UPDATE `users` SET `last_ip` = '$lastip' WHERE `login_email`='$mail' AND `passwd`='$pw'";
mysql_query($query);
Header("Location: index.php");
}
else
{
$query = "INSERT INTO `alerts`(`ipaddress`, `user`, `added`) VALUES ('$lastip', '$mail', '$time')";
mysql_query($query);
$_SESSION['error'] = 1;
$_SESSION['logiran'] = 0;
$_SESSION['subcid'] = 0;
$_SESSION['subuser'] = 0;
Header("Location: login.php");
}
}
?>
答案 0 :(得分:0)
@sense是的,错了。它一定是
if(!$result){some code}
但我们想要这个:
如果启用了mysql_query INSERT INTO,则它无法正常工作
if ($pw == $row['passwd']){ some code }
else { here }
,但是mysql_query INSERT INTO已启用
if ($pw == $row['passwd']){ here }然后它的作品。
答案 1 :(得分:0)
if(!$result){$_SESSION['error'] = 1;Header("Location: login.php");}
删除此行,而不是输入错误的用户名或密码,然后将其保存在数据库中。