美好的一天,在做我的项目时,我确实陷入了登录页面。
这可能是一个非常微不足道的问题,甚至可能重复,但我无法在网上找到任何解决方案。
出于某种原因,我的php脚本只是跳过我的登录表单并继续进行会话并重定向到index.php。
这是我的php脚本,用于检查数据库中是否存在电子邮件和密码:
if(isset($_POST['login'])) {
require 'connect.php';
$email = $_POST['email'];
$password = $_POST['password'];
$select_userdata = "select * from users where password ='$password' AND email = '$email'";
$run_check = mysqli_query($dbconfig, $select_userdata);
$check_user = mysqli_num_rows($run_check);
/**Error part**/
if ($check_user == 0) {
echo "<script>alert('Password or email is incorrect')</script>";
echo "<script>window.open('login.php','_self')</script>";
} else {
$_SESSION['email'] = $email;
echo "<script>alert ('You Have Been Logged in')</script>";
header('Location: index.php');
exit;
}
}
if(isset($_GET['logout'])) {
unset($_SESSION['email']);
}
出于某种原因,如果我在数据库中有电子邮件和密码,脚本不关心。它“假装”有这样的电子邮件地址和密码,并跳到$ _SESSION ['email'] = $ email;
我的问题是,我做错了什么,我该如何解决?
答案 0 :(得分:1)
问题在于你的逻辑而不是你的代码。 $ check_user为0或更多,您的代码没有区别。它总是到达 $ _ SESSION [&#39; email&#39;] = $ email ;线。 试试这个:
<?php
session_start();
include'functions/dbconfig.php';
if(isset($_POST['login'])) {
require 'functions/connect.php';
$email = $_POST['email'];
$password = md5($_POST['password']);
$select_userdata = "select * from users where password ='$password' AND email = '$email'";
$run_check = mysqli_query($dbconfig, $select_userdata);
$check_user = mysqli_num_rows($run_check);
if ($check_user == 0)
{
echo "<script>alert('Password or email is incorrect')</script>";
echo "<script>window.open('login.php','_self')</script>";
}
else
{
$_SESSION['email'] = $email;
echo "<script>alert ('You Have Been Logged in')</script>";
header('Location: index.php');
exit;
}
}
if(isset($_GET['logout'])) {
unset($_SESSION['email']);
}
?>