我只是想为php应用程序编写登录系统。 我需要按类型(管理员/用户仪表板)用户登录类型,我看不出为什么这不起作用的任何原因。 如果有人帮助我,我会很高兴。非常感谢。 问题是,当你尝试使用正确的用户名和密码登录时,即使它是正确的,也只是抛出“错误的用户名或pw ....”
<?php
session_start();
$host="127.0.0.1"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="rocketevents"; // Database name
$tbl_name="users"; // Table name
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$myusername=$_POST['myusername'];
$mypassword=($_POST['mypassword']);
$type='';
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql = "SELECT * FROM $tbl_name WHERE `Username`= '$myusername' and `Password`= '$mypassword' and `Type`= '$type'";
$result = mysql_query($sql);
$array = mysql_fetch_array($result);
$_SESSION['myusername']=$array['myusername'];
$_SESSION['mypassword']=$array['mypassword'];
$user_type = $array['Type'];
$count=mysql_num_rows($result);
if (empty($_POST['myusername']) or (empty($_POST['mypassword']))){
echo"Please fill in your username or password";
echo"<br>Please try to <a href='index.php'>Log in </a> again";
} else {
if ($count == 1) {
$_SESSION ['myusername'] = $myusername;
$_SESSION ['mypassword'] = $mypassword;
if ($user_type == "Admin") {
header ( "location: admin.php" );
} else if ($array ["type"] == "User") {
header ( "location: user.php" );
} else if ($array ["type"] == "Visitor") {
header ( "location: visitor.php" );
}
}
else {
include("index.php");
echo"Wrong user or password";
echo"<br>Please try to <a href='index.php'>Log in</a> again or go to <a href='sign.php'>registration</a> page";
}
}
?>
答案 0 :(得分:1)
你的代码有很多缺陷而且 mysql_ *已被弃用,请尝试使用mysqli_ * OR PDO
试试这个
<?php
session_start();
//db connection
global $conn;
$servername = "127.0.0.1"; //host name
$username = "root"; //username
$password = "password"; //password
$mysql_database = "rocketevents"; //database name
//mysqli prepared statement
$conn = mysqli_connect($servername, $username, $password) or die("Connection failed: " . mysqli_connect_error());
mysqli_select_db($conn,$mysql_database) or die("Opps some thing went wrong");
if (empty($_POST['myusername']) || (empty($_POST['mypassword'])))
{
echo"Please fill in your username or password";
echo"<br>Please try to <a href='index.php'>Log in </a> again";
}
else
{
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
mysql_real_escape_string($data);
return $data;
}
$myusername=test_input($_POST['myusername']);
$mypassword=test_input($_POST['mypassword']);
$type='Admin'; //here you have set $_POST value of type
$tbl_name="users"; // Table name
$stmt = $conn->prepare("SELECT * FROM $tbl_name WHERE Username= and Password= and Type=? ");
$stmt->bind_param('sss',$myusername,$mypassword,$type);
$stmt->execute();
$result=$stmt->get_result();
$value=$result->fetch_assoc();
$row_count= $stmt->affected_rows;
$stmt->close();
$conn->close();
if ($row_count > 0)
{
//session setup
$_SESSION['myusername']=$value['Username'];
$_SESSION['mypassword']=$value['Password'];
$_SESSION['myusertype']=$value['Type'];
if ( $_SESSION['myusertype'] == "Admin")
{
header ( "location: admin.php" );
}
else if ( $_SESSION['myusertype'] == "User")
{
header ( "location: user.php" );
}
else ( $_SESSION['myusertype'] == "Visitor")
{
header ( "location: visitor.php" );
}
}
else
{
include("index.php");
echo"Wrong user or password";
echo"<br>Please try to <a href='index.php'>Log in</a> again or go to <a href='sign.php'>registration</a> page";
}
}
?>
答案 1 :(得分:0)
您正尝试按照未在查询中指定的名称访问结果集的列。
$array = mysql_fetch_array($result);
$_SESSION['myusername']=$array['myusername'];
$_SESSION['mypassword']=$array['mypassword'];
结果不会包含任何名为myusername或mypassword的列。
使用var_dump($array);调查您的查询实际返回的内容。