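Banning an account in SQL does not work

Time: 2017-01-30 14:46:59

Tags: php mysql

Why can't I block users whose banstatus is "banned" from accessing the website? The error now is that PHP blocks all users from accessing the site, even if their banstatus is not banned. Please help identify the error, as I have been trying to fix it but still cannot. Thank you in advance :)

This is my code: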

    if(!empty($_POST['username'])){
    $username=$_POST['username'];
    }
    else
    {
    $username=null;
    echo "<font color='red'> Please enter your username! </font></p>";  
    }

    if(!empty($_POST['password'])){
    $password= md5($_POST['password']);
    }
    else
    {
    $password=null;
    echo "<font color='red'> Please enter your password! </font></p>";
    }

    if ($username && $password) {


        $connection = mysql_connect("", "", "", "");

        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);

        $db = mysql_select_db("", $connection);

        $query = mysql_query("SELECT * FROM users WHERE username='$username' and password='$password' and active=1", $connection);
        $rows = mysql_num_rows($query);
        if ($rows == 1) {
            if ($rows['banstatus'] == '') {
            session_start();
            $_SESSION['username'] = $username;
            header("Location:somewhere.php");
           }
            else{
                echo "<br><br><br><b><font color='red'>Your account has been banned. Please contact the administrator.</font></b><br><br>"; 
            }
       }        
        else {
        echo "<br><br><br><b><font color='red'> Login is not successful.</font></b><br><br>";   
        }
        mysql_close($connection); // Closing Connection
       }

1 answer:

Answer 0 (score: 0)

    if(!empty($_POST['username'])){
        $username=$_POST['username'];
    }
    else
    {
        $username=null;
        echo "<font color='red'> Please enter your username! </font></p>";
    }

    if(!empty($_POST['password'])){
        $password= md5($_POST['password']);
    }
    else
    {
        $password=null;
        echo "<font color='red'> Please enter your password! </font></p>";
    }

    if ($username && $password) {

        $connection = new mysqli($your_db_IP_ADDR, $your_db_username, $your_db_pass, $your_db_database_name);

        /*$username = stripslashes($username);*/ // if you are using mysqli real_escape_string you don't need stripslashes
        /*$password = stripslashes($password);*/ // MD5 is a hash. You don't need to stripslashes it
        $username = $connection->real_escape_string($username);
        /*$password = $connection->real_escape_string($password)*/ // your $password is an MD5 hash. You don't need to escape it

        $results = $connection->query("SELECT * FROM users WHERE username='$username' and password='$password' and active = 1");

        if ($results->num_rows === 1) {
            $row = $results->fetch_assoc(); // call it row, it is just one
            if ($row['banstatus'] === '') {
                session_start();
                $_SESSION['username'] = $username;
                $connection->close(); // Closing connection also HERE before redirect
                header("Location:somewhere.php");
                exit; // stop here so the already-closed connection is not closed again below
            } else {
                echo "<br><br><br><b><font color='red'>Your account has been banned. Please contact the administrator.</font></b><br><br>";
            }
        } else {
            echo "<br><br><br><b><font color='red'> Login is not successful.</font></b><br><br>";
        }
        $connection->close(); // was $mysqli->close(), an undefined variable
    }
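
The same login and ban check in hardened form, as an added example that is not part of the question or the answer: it fetches the row before reading `banstatus`, uses a prepared statement instead of manual escaping, and verifies the password with `password_verify()` instead of comparing MD5 values. Assumptions: the function name `check_login`, the in-memory SQLite database standing in for MySQL (the same PDO calls work with a `mysql:` DSN), the sample users, and a `password` column that stores `password_hash()` output.

```php
<?php
// Added example: schema and sample rows are constructed for the demo;
// the column names (username, password, active, banstatus) follow the question.
// Assumption: the password column holds password_hash() output, not MD5.

function check_login(PDO $db, string $username, string $password): string
{
    // The placeholder keeps user input out of the SQL text,
    // so no stripslashes() or manual escaping is needed.
    $stmt = $db->prepare(
        'SELECT password, banstatus FROM users WHERE username = ? AND active = 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // the row itself, not a row count

    // Verify the password first, so an unauthenticated visitor
    // cannot learn whether an account is banned.
    if ($row === false || !password_verify($password, $row['password'])) {
        return 'invalid';
    }
    // An empty banstatus means "not banned" (the convention used on this page).
    return ((string) $row['banstatus'] === '') ? 'ok' : 'banned';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT,
                               active INTEGER, banstatus TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, 1, ?)');
$ins->execute(['alice',   password_hash('correct horse', PASSWORD_DEFAULT), '']);
$ins->execute(['bob',     password_hash('hunter2', PASSWORD_DEFAULT), 'banned']);
$ins->execute(["o'brien", password_hash('s3cret', PASSWORD_DEFAULT), '']);

$attempts = [
    ['alice',   'correct horse'],  // active account, right password
    ['bob',     'hunter2'],        // right password, banstatus set
    ['alice',   'wrong'],          // wrong password
    ["o'brien", 's3cret'],         // quote in the username, passed as data
];
foreach ($attempts as [$user, $pass]) {
    printf("%-10s => %s\n", $user, check_login($db, $user, $pass));
}
```

In a login handler, the `'ok'` branch is where `session_start()`, `session_regenerate_id(true)`, the `Location` header and `exit` belong.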