好的,首先,这里首先是我的代码
的login.php
<?php session_start();
//Begin the session here and if the users login is successful a varaible for this session
//is assigned $_SESSION['id']=ID which will dictate in admin php if they are logged in
?>
<?php
include 'Includes/connect.php';
//if the user submits a username and pass from the loginform pass the
//data to the variables $username and $password
if (isset($_POST['username']) && isset($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
//Pull the data from the login table on the database. Here it is specifiying the sql statement to be used in prepare()
//
$sql = "SELECT * FROM user WHERE username = :username";
$query = $pdo -> prepare($sql);
$query -> bindParam(':username',$username);
$query ->execute();
//store retrieved row to a variable
$results = $query -> fetch(PDO::FETCH_ASSOC);
//check to see if we get a result and return the the number of rows affected by the SQL statment and if it is more then 0
if($results != FALSE && $query -> rowcount() > 0 ) {
//This sets the salt for cyrpting to be the username that is entered and logged in with from loginform.php. This ensures the password on my
// database is different to that on another one
$salt =$results['Email'];
$auth_user = hash('sha256', $salt.$password);
//This will then hash the password of the admin user that has successfuly logged in
if($results['password'] == $auth_user ){
$_SESSION['id']=$results['id'];
header("Location:user.php");
exit;
//if the users inputted password matches that of the one in the login table
// set the $_SESSION variable $_SESSION['id'] and redirect to the admin page.
}
else {
header("Location:loginform.php");
exit;
//If login failed direct back to the loginform
}
}else {
header("Location:loginfssom.php");
exit;
}
//return to loginform.php if failed login
}
?>
基本上它没有登录网站。我可能做了一些愚蠢的事。凌晨2点,在咖啡上加油。无论如何,如果它是我自己的无知,我会事先道歉。
登录表单代码
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="css/user.css" media ="screen">
<link rel="stylesheet" href="css/mobile.css" media ="handheld">
</head>
<body>
<div id="container">
<header></header>
<body>
<div class="body"></div>
<div class="grad"></div>
<div class="header">
<div>The<span> Store</span></div>
</div>
<br>
<div class="login">
<form action ="login.php" method = "POST">
<input type="text" placeholder="Username" name="username" required><br>
<input type="password" placeholder="Password" name="password" required><br>
<input type ="submit" name = "submit" value="login">
<li><a href='resetform.php'>Forgot Password</a></li>
<li><a href='index.php'>Return</a></li>
</form>
</div>
</body>
</html>
</div>
</body>
</html>
答案 0 :(得分:4)
找到错误的一些要点:
1)您是否设置了error.log文件?你有PHP记录所有错误和警告?
查看此文章:php error reporting for single page?
2)检查指向URL的链接是否正确且区分大小写正确,例如include 'Includes/connect.php';
另请注意:您的某些列名称都是小写,有些是低级和高级,例如$results['Email']和$results['password']。建议保持一致,这里几乎是错字吗?
3)检查您的数据库是否包含您尝试登录的正确详细信息。
4)检查你的散列方法:
例如,仔细检查数据库中的字符编码以及输入表单上的字符编码以及修剪和整理密码字段。
我建议使用PHP password_hash()和password_verify()函数来检查密码而不是自己的散列方法。
5)添加var_dump()并在每个部分后输出您的数据和die()语句以检查变量值。如果您的网页没有很多内容,您还可以使用http://php.net/manual/en/function.get-defined-vars.php get_defined_vars。这非常有用。
上述一项或多项措施可以解决您的问题。