我正在尝试让用户登录
控制页面上的:
<?php include"files/header.php";?>
<?php
global $tf_handle;
$u_name = strip_tags($_POST['u_name']);
$u_pass = md5($_POST['u_pass']);
if(isset($_POST['login']))
{
if(empty($u_name) or empty($u_pass))
{
echo"
<div class='error'>Fill the The Form PLease</div><br />
";
}
else
{
$sqlquery = mysqli_query($tf_handle,"SELECT * FROM user WHERE u_name = '".$u_name."' AND u_pass = '".$u_pass."'");
if(mysqli_num_rows($sqlquery) > 0)
{
$fetchLquery = mysqli_fetch_object($sqlquery);
print_r($fetchLquery);
$uid = $fetchLquery->u_id;
$uname = $fetchLquery->u_name;
echo "$uname";
$upass = $fetchLquery->u_pass;
if($uname != $u_name )
{
//AND $upass != $u_pass
echo"
<div class='error'>wrong name</div><br />
";
}
else
{
setcookie("uid",$uid,time()+60*60*24);
setcookie("login",1,time()+60*60*24);
echo"
<div class='error'>Done !</div><br />
";
header('Refresh: 3;url=index.php');
}
}
else
{
echo"
<div class='error'>Wrong information</div><br />
";
}
}
}
?>
<div class="rightco">
<div class="B_t_in">
<div class="title_b">
<h3>Pen Testing</h3>
</div>
<div class="info">
By : ~Hacker~
Date :30/5/2015
</div>
</div>
<table class="tb" width="100%" border="0" >
<tr>
<td width="20%"><div class="pic"><img src="http://3.bp.blogspot.com/-xUY6gP4Uhgw/U7ADSxKjwBI/AAAAAAAABM8/uVAbk_D06Wg/s1600/php-framework1+copy.png" alt="" /></div> </td>
<td width="80%">
<p>
Test Test Test Test Test Test Test Test TestTest Test Test Test Test Test Test Test Tes
Test Test Test Test Test Test Test Test Test
</p>
</td>
</tr>
</table>
<div class="more"><a href="#">Read More !</a></div>
</div>
<?php include"files/block.php";?>
<?php include"files/footer.php";?>
结果
错误的名称
&安培;我试图回应变量来检查它
$fetchLquery = stdClass Object ( [u_id] => 3 [u_name] => memo [u_pass] => 202cb962ac59075b964b07152d234b70 [u_email] => jankeh@yahoo.com [u_ulv] => 1 )
$uname = 'memo'
不应执行此条件if($uname != $u_name )
我不知道这个问题是什么原因!
我应该检查另一件事吗?
答案 0 :(得分:0)
您无需检查名称是否匹配。
为什么?
如果用户名和密码与您在查询中输入的用户名和密码相匹配,则您的查询将仅返回数据。你两次做同样的事情 - 一次是在SQL中,一次是在PHP中!
您只需要检查查询是否返回了任何内容。如果有,你知道它是一场比赛! :)