Question

Helo，我登录然后我想如果用户名错误和密码正确然后显示警告如果用户名是错误的，如果用户名权限和密码错误然后显示警告如果密码错误和如果用户名和密码匹配，那么重定向到index.php

这是我的剧本

<?php
  if(isset($_GET['log'])){
    session_start();
    session_destroy();
  }
  $conn = mysqli_connect( "localhost","root","","mydb");
  $username = isset($_POST["username"]) ? $_POST["username"] : '';
  $password = isset($_POST["password"]) ? $_POST["password"] : '';
  $password = md5($password);



  if($username!='' and $password!=''){

    $sql = mysqli_query($conn, "SELECT * from user WHERE username = '$username' AND password = '$password' limit 1");
    $data = mysqli_fetch_assoc($sql);

    if($data){
      session_start();
      $_SESSION['username']     = $data['username'];
      $_SESSION['password']     = $data['password'];
    }

    if(isset($_SESSION["username"])){
      header('Location: index.php');
    }

    else {
      echo "<script type='text/javascript'>
        alert('wrong username and password..!!!');
      </script>";
    }
  }

?>
<body class="" style="background: #fff">
<br><br><br>  <br><br><br>    
    <center></center><br>    
    <div class="form-box" id="login-box" style="width: 430px;margin-top: -0px;border-radius: 0"> 
        <div class="header" style="background: #2880d7;border-radius: 0">KOPKAR Manunggal Perkasa</div>
        <form action="#" method="post">
            <div class="body bg-gray">
                <div class="form-group">
                    <input type="text" name="username" class="form-control" placeholder="Username"/>
                </div>
                <div class="form-group">
                    <input type="password" name="password" class="form-control" placeholder="Password"/>
                </div>
            </div>
            <div class="footer text-center" style="background: #dbdbe0;border-radius: 0">
                <button type="submit" name="login" class="btn btn-lg" style="background: #2880d7;color: white;width: 30%">Login</button>


            </div>
        </form>

    </div>

</body>

谢谢

Answer 1

<?php

if (isset($_GET['log'])) {
    session_start();
    session_destroy();
}
$conn = mysqli_connect("localhost", "root", "", "mydb");
$username = isset($_POST["username"]) ? $_POST["username"] : '';
$password = isset($_POST["password"]) ? $_POST["password"] : '';
$password = md5($password);
$msg = "";
$status = 0;

if ($username != '' and $password != '') {

    $sql = mysqli_query($conn, "SELECT * from user WHERE username = '$username' OR password = '$password' limit 1");
    $data = mysqli_fetch_assoc($sql);

    if ($data) {
        $status = 1;
        session_start();
        if ($data['username'] == $username && $data['password'] == $password) {
            $_SESSION['username'] = $data['username'];
            $_SESSION['password'] = $data['password'];
        } else if ($data['username'] != $username) {
            $status = 0;
            $msg = "username  is wrong";
        } else if ($data['password'] != $password) {
            $status = 0;
            $msg = "  password is wrong";
        }
    } else {
        $status = 0;
        $msg = "username and password is wrong";
    }
    $alert = "<script type='text/javascript'>
        alert('" . $msg . "');
      </script>";
    if (!$status) {
        echo $alert;
    }
    if (isset($_SESSION["username"])) {
        header('Location: index.php');
    } 
}
?>

Answer 2

（已编辑）空密码的md5生成此：

d41d8cd98f00b204e9800998ecf8427e

我修改了你的代码：

<?php

if( isset( $_GET['log'] ) )
{
    session_start();
    session_destroy();
}
$conn = mysqli_connect( "localhost","root","","mydb");
$username = isset($_POST["username"]) ? $_POST["username"] : '';
$password = isset($_POST["password"]) ? $_POST["password"] : '';
// Control attempt variable
$attempt  = FALSE;

if( $username != '' && $password != '' )
{
    // ESCAPE!!! SQL INYECTION
    $query = sprintf(
        "SELECT * FROM user WHERE username = '%s' AND password = '%s' LIMIT 1;",
        mysqli_real_escape_string( $username ),
        md5( $password )
    );
    $result = mysqli_query( $conn, $query );

    if( $result )
    {
        $data = mysqli_fetch_assoc( $result );
        //
        session_start();
        //
        $_SESSION['username'] = $data['username'];
        $_SESSION['password'] = $data['password'];

        header('Location: index.php');
    }
    $attempt = TRUE;
}
?>
<html>
<thead></thead>
<body class="" style="background: #fff">
    <br><br><br>  <br><br><br>    
    <center></center><br>    
    <div class="form-box" id="login-box" style="width: 430px;margin-top: -0px;border-radius: 0"> 
        <div class="header" style="background: #2880d7;border-radius: 0">KOPKAR Manunggal Perkasa</div>
        <form action="#" method="post">
            <div class="body bg-gray">
                <div class="form-group">
                    <input type="text" name="username" class="form-control" placeholder="Username"/>
                </div>
                <div class="form-group">
                    <input type="password" name="password" class="form-control" placeholder="Password"/>
                </div>
            </div>
            <div class="footer text-center" style="background: #dbdbe0;border-radius: 0">
                <button type="submit" name="login" class="btn btn-lg" style="background: #2880d7;color: white;width: 30%">Login</button>
            </div>
        </form>

    </div>
    <?php if( $attempt ): ?>
    <script type="text/javascript">
        alert('wrong username and password..!!!');
    </script>
    <?php endif; ?>
</body>
</html>

我建议您不要使用md5

php中的用户名检查和密码检查验证

2 个答案: