我一直在与代码挣扎!!我一直收到无效的密码错误,但无论多少次我调整散列的位置或在哪里检查密码我仍然得到它,即使我为不同的用户放置正确的密码...我真的需要一些帮助! 我的数据库中的'用户'表是 ID 用户名 密码(sha1) fullnames 手机号码 用户类型 这是我目前正在努力工作的代码!
<body>
<div data-role="page" id="login">
<div data-role="header" data-theme="c">
<h2 align="center"><strong>Sign In</strong></h2>
</div>
<div data-role="content">
<form name="login" class="ui-corner-all" method="post" action="">
<label for="username" class="ui-hidden-accessible">Username:</label>
<input type="text" id="username" name ="username" placeholder="Username" required>
<br>
<br>
<label for="password" class="ui-hidden-accessible">Password:</label>
<input type="password" id="password" name ="password" placeholder="Password" required>
<br>
<fieldset class="ui-grid-a">
<div class="ui-block-a">
<input name="login" type="submit" id="login" formmethod="POST" value ="login" data-ajax="false" data-theme="b">
</div>
<div class="ui-block-b">
<a href="Registration.html" data-ajax="false" data-role="button" data-theme="b">Not a user? Sign Up</a></div>
</fieldset>
</form>
<?php
if (isset($_POST["login"]) && !empty($_POST["login"])) {
$user = stripslashes($_POST['username']);
$pass = stripslashes($_POST['password']);
$user = mysqli_real_escape_string($link, $_POST['username']);
$pass = mysqli_real_escape_string($link, hash("SHA1",($_POST['password'])));
if ($user && $pass) { // CHECK ALL FIELD HAS BEEN FILLED UP
// QUERY FROM DATABASE
$sql = "SELECT * FROM users WHERE username='".$user."'";
$query =mysqli_query($link,$sql) or die(mysqli_error($link));
$numrows = mysqli_num_rows($query);
if($numrows !== 0)
{
while ($row = mysqli_fetch_assoc($query))
{
$username = $row['username'];
$password = $row['password'];
}
if($user==$username && $pass==$password)
{
echo "you are logged in";
@$_SESSION['username'] = $username;
}
else {
echo "your password is incorrect";
}
}
else
die ("that user doesn't exist!");
}
else
die ("Please enter a username and password");
}
?>
答案 0 :(得分:0)
您的代码运行正常。我收到“你登录了”。 我刚刚在mysqli_real_escape_string()
中添加了session_start()并替换了变量<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login" name="submit">
</form>
<?php
require_once 'config.php';
if(isset($_POST['submit'])) {
if(!empty($_POST[email]))
{
$email = mysqli_real_escape_string($link,$_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(!empty($_POST['password']))
{
$password = mysqli_real_escape_string($link,$_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(!empty($_POST['email']) && !empty($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '".$password."' AND email = '".$email."'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION['login'] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}}
?>