Question

我未来用户的登录页面允许任何用户名和密码访问。这段代码位于一个名为Login.php的文件中，应该引导你进入Account.php但无论你在表单中输入什么内容，它都会把你带到那里。

<?php
require 'Connections/Connections.php';
include('header.php');
?>

<?php

if(isset($_POST['Login'])){

    $UN= $_POST['Username'];
    $PW = $_POST['Password'];

    $result = $con->query("Select * from users where Username='$UN' AND Password='$PW'");

    $row = $result->fetch_array(MYSQLI_BOTH);

    $_SESSION["UserID"] = $row['UserID'];

    header('Location: Account.php');
}
?>

<!doctype html>
<html>
<head>
    <meta http-equiv='Content-Type' content='text/html; charset=utf-8'/>
    <link href="style/UserStyle.css" rel="stylesheet" type="text/css" />
    <title>Register</title>
</head>

<body>
    <form action="" method="post" name="LoginForm" id="LoginForm">

        <div class="FormElement">
            <input name="Username" type="text" required="required" class="TField" id="Username" placeholder="Username">
        </div>

        <div class="FormElement">
            <input name="Password" type="Password" required="required" class="TField" id="Password" placeholder="Password">
        </div>

        <div class="FormElement">
            <input name="Login" type="submit" class="button" id="Login" placeholder="Login">
        </div>
</body>

连接到我的数据库并创建变量$ con

的connection.php

<?php
mysql_connect("localhost", "MyRealUsername", "MyRealPassword"); 
mysql_select_db("Registration"); 
$con = mysqli_connect("localhost", "MyRealUsername", "MyRealPassword", "Registration");
?>

非常感谢您的帮助！

Answer 1

请在您的PHP代码中进行以下更改。您目前只检查post变量和验证用户。从数据库中获取值后，请检查结果数组，然后重定向到Account.php如果用户存在于数据库中，则重定向到Login.php

<?php

if(isset($_POST['Login'])){

    $UN= $_POST['Username'];
    $PW = $_POST['Password'];

    $result = $con->query("Select * from users where Username='$UN' AND Password='$PW'");

    $row = $result->fetch_array(MYSQLI_BOTH);

    if( isset($row) &&  $row['UserID'] != "" ){ // authenticated user, redirect to account page
    $_SESSION["UserID"] = $row['UserID'];

    header('Location: Account.php');

    }else{ // redirect to login page
        header('Location: Login.php');

    }
}
?>

另外请清理查询字符串中的输入值以防止sql注入，如下所示。

    $UN= $con->real_escape_string($_POST['Username']);
    $PW = $con->real_escape_string($_POST['Password']);

$result = $con->query("Select * from users where Username='$UN' AND Password='$PW'");

Answer 2

您的问题是您没有验证用户/密码组合。

您从数据库中获取用户记录：

$UN= $_POST['Username'];
$PW = $_POST['Password'];

$result = $con->query("Select * from users where Username='$UN' AND Password='$PW'");

$row = $result->fetch_array(MYSQLI_BOTH);

但是你不要检查这样的记录是否会退出，只是无论如何都要登录用户。

添加此项检查：

if ($row) {
   $_SESSION["UserID"] = $row['UserID'];

   header('Location: Account.php');
}

还有一件事，connection.php中的这两行完全没用，因为它们使用较旧的PHP Mysql库：

mysql_connect("localhost", "MyRealUsername", "MyRealPassword"); 
mysql_select_db("Registration");

更重要的是，总是过滤用户输入，然后再将其传递给SQL查询，因为不过滤会将应用程序打开到SQL注入。

Answer 3

<?php
    /* Only execute code if it is a post request */
    if( $_SERVER['REQUEST_METHOD']=='POST' ){

        /* Make sure all variables are at least set */
        if( isset( $_POST['Login'], $_POST['Username'], $_POST['Password'] ) ){

            /* basic filtering of posted data */
            $username=mysqli_real_escape_string( $con, filter_input( FILTER_POST, 'Username', FILTER_SANITIZE_STRING ) );
            $password=mysqli_real_escape_string( $con, filter_input( FILTER_POST, 'Password', FILTER_SANITIZE_STRING ) );

            /* Only proceed if there are non empty values after filtering */
            if( !empty( $username ) && !empty( $password ) ){

                $sql="select * from `users` where `Username`='".$username."' and `password`='".$password."';";
                $result=$con->query( $sql );
                $uid=false;

                /* Check you have a result */
                if( $result && $result->num_rows() > 0 ){
                    while( $rs=$result->fetch_object() ){
                        $uid=$rs->UserID;
                    }
                }
                if( $uid ) {
                    $_SESSION["UserID"]=$uid;
                    header( 'location: account.php' );  
                }

            }



            /*
              ------------------------------------------------
              Alternative method, using a "prepared statement"
              ------------------------------------------------

              You do not need to be so particular filtering data
              that is used in the sql query...

            */
            $sql_prepared='select `UserID` from `users` where `Username`=? and `Password`=?';

            $stmt=$con->prepare( $sql_prepared );
            $stmt->bind_param( 'ss', $username, $password );

            $username=$_POST['Username'];
            $password=$_POST['Password'];

            /* Only process if we have non-empty values */
            if( !empty( $username ) && !empty( $password ) ){

                $result=$stmt->execute();
                $stmt->bind_result( $uid );

                if( $result ){
                    $stmt->fetch();
                    $stmt->close();

                    $_SESSION["UserID"]=$uid;
                    header( 'location: account.php' );  
                }
            }
        }
    }
?>

PHP数据库登录脚本问题

3 个答案: