PHP登录表单错误

时间:2015-08-03 17:17:02

标签: php mysql

我正在尝试通过创建一个小的登录表单来学习PHP。我有2个错误。首先,当我登录时,我只能登录一个用户,该用户是我在ID为1的数据库中的用户。我总共有3个用户,我无法登录其他用户。其次,当我登录时,我想这样做,我无法访问登录表单。

我已连接到数据库。

登录表单:

<!DOCTYPE html>
<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];
$securePassword = md5($password);

{   // Select table(s)
        $tUsers_Select = "SELECT user_id, username, password FROM users";
        $tUsers_Select_Query = mysqli_query($dbConnect, $tUsers_Select);
}
    $row = mysqli_fetch_array($tUsers_Select_Query);

    $dbusername = $row['username'];
    $dbpassword = $row['password'];

    if ($username == $dbusername AND $securePassword == $dbpassword) {
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        header("Location: home.php");
    }   else {
        echo "Incorrect name or password";
    }

?>
    <div id="main-content">
        <div class="welcome-msg">
            <h1 class="huge">Welcome!</h1>
            <h3 class="medium">Please sign in</h3>

            <form id="login-form" action="/lr/index.php" method="post">
                <label for="username">Username</label>
                <input type="text" name="username" id="username">

                <label for="password">Password</label>
                <input type="password" name="password" id="password">

                <button type="submit" name="submit">Log in</button>
            </form>

        </div>
    </div>

</body>

主页:

<!DOCTYPE html>
<html>
<?php

session_start();


{   // Select table(s)
    $tUsers_Select = "SELECT * FROM users";
    $tUsers_Select_Query = mysqli_query($dbConnect, $tUsers_Select);
}

    if (isset($_SESSION['username'])) {


    $username = $_SESSION['username'];
    $password = $_SESSION['password'];

    // echo $username."<br />";
    // echo $password."<br />";
    // echo $securePassword."<br />";

}   else {
    header(
        "Location: /lr/index.php"
    );
}

?>

    <div id="main-content">
        <h1 class="huge">Welcome back, <?php echo $username ?>!</h1>
        <a href="/lr/logout.php">Logout</a>
    </div>


</body>

注销:

<!DOCTYPE html>
<?php

    session_start();
    session_destroy();

?>
    <div id="main-content">
        <div class="welcome-msg">
            <h1 class="huge">Bye-Bye!</h1>
        </div>
    </div>

</body>

如果您需要更多详情,请发表评论。

1 个答案:

答案 0 :(得分:1)

首先,您获得了所有用户,在首先获取用户之后,您可以检查输入。这是错误的,并将始终使用表的第一个记录检查您的输入。另外使用crypt()哈希密码更好 而不是那样,更改您的查询以使用您拥有的信息获取用户:

$securePassword = crypt($password, $password);
$stmt = mysqli_prepare("SELECT user_id, username, password FROM users WHERE username=? AND password=?"); 
$stmt->bind_param( "ss", $username, $securePassword);
$stmt->execute();

if($stmt->num_rows === 1)
{
    $_SESSION['username'] = $username;
    //$_SESSION['password'] = $password; You don't need that
}
else
    echo "Incorrect name or password";

最后,如果您想要从登录用户隐藏登录表单,只需将登录表单包装在以下if块之间:

<?PHP if(isset($_SESSION['username'])): ?>
    <script>window.location = 'home.php';</script>
<?PHP else: ?>
    <!-- Form element -->
<?PHP endif; ?>
相关问题
最新问题