我发现这个forum thread用于登录和注册系统,但它不会检查密码是否正确,只是用户名。
这是我的登录页面代码:
static这是我使用的表格:
<?php
include('config.php');
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$emailusername = mysqli_real_escape_string($obj->conn,$_POST['emailusername']);
$password = mysqli_real_escape_string($obj->conn,$_POST['password']);
$password = md5($password);
$sql="SELECT uid FROM users WHERE username='$emailusername' or email = '$emailusername' and password='$password'";
$result=mysqli_query($obj->conn,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
$active=$row['active'];
$count=mysqli_num_rows($result);
// If result matched $username and $username, table row must be 1 row
if($count==1)
{
$_SESSION['login_user'] = $emailusername;
header("location: index.php");
}
else
{
$error="<div style ='color:#c53131'>Your Login Name or Password is invalid</div>";
}
}
?>
</div>
<form class="fl" action="login.php" method="post">
<label>Username:</label><br/>
<input type="text" name="emailusername"/><br />
<br/>
<label>Password:</label><br/>
<input type="password" name="password"/>
<input type="submit" value=" Submit "/><br />
</form>
我是PHP的新手,并且不知道如何检查密码是否正确或不正确。有什么建议吗?
答案 0 :(得分:3)
尝试以下查询:
SELECT uid FROM users
WHERE (username='$emailusername' or email = '$emailusername')
and password='$password'";
答案 1 :(得分:1)
检查您的查询
$sql="SELECT uid FROM users WHERE (username='$emailusername' OR email = '$emailusername') AND(password='$password')";
答案 2 :(得分:0)
请尝试下面的查询:
SELECT uid
FROM users
WHERE (username='$emailusername' OR email = '$emailusername')
AND password='$password'
希望这会对你有所帮助。
答案 3 :(得分:0)
查询应该是这样的。
$sql="SELECT uid FROM users WHERE (username='".$emailusername."' or email = '".$emailusername."') and password='".$password."'";
如果必须使用不同的逻辑运算符,则应添加括号单独评估。此外,您必须将username和password作为字符串传递。