我正在尝试通过创建一个小的登录表单来学习PHP。我有2个错误。首先,当我登录时,我只能登录一个用户,该用户是我在ID为1的数据库中的用户。我总共有3个用户,我无法登录其他用户。其次,当我登录时,我想这样做,我无法访问登录表单。
我已连接到数据库。
登录表单:
<!DOCTYPE html>
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$securePassword = md5($password);
{ // Select table(s)
$tUsers_Select = "SELECT user_id, username, password FROM users";
$tUsers_Select_Query = mysqli_query($dbConnect, $tUsers_Select);
}
$row = mysqli_fetch_array($tUsers_Select_Query);
$dbusername = $row['username'];
$dbpassword = $row['password'];
if ($username == $dbusername AND $securePassword == $dbpassword) {
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: home.php");
} else {
echo "Incorrect name or password";
}
?>
<div id="main-content">
<div class="welcome-msg">
<h1 class="huge">Welcome!</h1>
<h3 class="medium">Please sign in</h3>
<form id="login-form" action="/lr/index.php" method="post">
<label for="username">Username</label>
<input type="text" name="username" id="username">
<label for="password">Password</label>
<input type="password" name="password" id="password">
<button type="submit" name="submit">Log in</button>
</form>
</div>
</div>
</body>
主页:
<!DOCTYPE html>
<html>
<?php
session_start();
{ // Select table(s)
$tUsers_Select = "SELECT * FROM users";
$tUsers_Select_Query = mysqli_query($dbConnect, $tUsers_Select);
}
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
$password = $_SESSION['password'];
// echo $username."<br />";
// echo $password."<br />";
// echo $securePassword."<br />";
} else {
header(
"Location: /lr/index.php"
);
}
?>
<div id="main-content">
<h1 class="huge">Welcome back, <?php echo $username ?>!</h1>
<a href="/lr/logout.php">Logout</a>
</div>
</body>
注销:
<!DOCTYPE html>
<?php
session_start();
session_destroy();
?>
<div id="main-content">
<div class="welcome-msg">
<h1 class="huge">Bye-Bye!</h1>
</div>
</div>
</body>
如果您需要更多详情,请发表评论。
答案 0 :(得分:1)
首先,您获得了所有用户,在首先获取用户之后,您可以检查输入。这是错误的,并将始终使用表的第一个记录检查您的输入。另外使用crypt()
哈希密码更好
而不是那样,更改您的查询以使用您拥有的信息获取用户:
$securePassword = crypt($password, $password);
$stmt = mysqli_prepare("SELECT user_id, username, password FROM users WHERE username=? AND password=?");
$stmt->bind_param( "ss", $username, $securePassword);
$stmt->execute();
if($stmt->num_rows === 1)
{
$_SESSION['username'] = $username;
//$_SESSION['password'] = $password; You don't need that
}
else
echo "Incorrect name or password";
最后,如果您想要从登录用户隐藏登录表单,只需将登录表单包装在以下if
块之间:
<?PHP if(isset($_SESSION['username'])): ?>
<script>window.location = 'home.php';</script>
<?PHP else: ?>
<!-- Form element -->
<?PHP endif; ?>