我遇到了一个小问题... 我有一个带有简单mysqli登录脚本的网站,每当我输入用户名,密码和PIN码时,该脚本都会使我登录。
现在的问题是,我只能使用用户名和密码(无需输入PIN码...)登录我的网站,但是每当我输入PIN码时,它都必须是正确的密码...
我该怎么解决这个问题?
我的代码:
<?php
$connect = mysqli_connect("localhost", "root", "", "testing");
session_start();
if(isset($_SESSION["username"]))
{
header("location:entry.php");
}
if(isset($_POST["login"]))
{
if(empty($_POST["username"]) && empty($_POST["pin"]))
{
echo '<script>alert("Alle felter SKAL udfyldes!")</script>';
}
else
{
$username = mysqli_real_escape_string($connect, $_POST["username"]);
$password = mysqli_real_escape_string($connect, $_POST["password"]);
$pin = mysqli_real_escape_string($connect, $_POST["pin"]);
$password = sha1($password);
$pin = sha1($pin);
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password' AND pin = '$pin'";
$result = mysqli_query($connect, $query);
if(mysqli_num_rows($result) > 0)
{
$_SESSION['username'] = $username;
header("location:entry.php");
}
else
{
echo '<script>alert("Forkert brugernavn, adgangskode eller pin-kode")</script>';
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<script>
var loc = window.location.href+'';
if (loc.indexOf('http://')==0){
window.location.href = loc.replace('http://','https://');
}
</script>
<title>
MJVS - Private area.
</title>
<link rel="shortcut icon" href="/title_logo.png" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>
<link rel="stylesheet" href="style.css" />
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
</head>
<body>
<br /><br />
<div class="container" style="width:500px;">
<h3 align="center"></h3>
<br />
<h3 align="center"><b>Login</b></h3>
<br />
<form method="post">
<label>Enter Username</label>
<input type="text" name="username" class="form-control" />
<br />
<label>Enter Password</label>
<input type="password" name="password" class="form-control" />
<br />
<label>Enter PIN</label>
<input type="password" name="pin" class="form-control" maxlength="4" />
<br />
<input type="submit" name="login" value="Login" class="btn btn-info" />
<br />
</form>
<?php
?>
</div>
</body>
</html>
答案 0 :(得分:0)
使用以下代码:-
<?php
$connect = mysqli_connect("localhost", "root", "", "testing");
session_start();
if(isset($_SESSION["username"]))
{
header("location:entry.php");
}
if(isset($_POST["login"]))
{
if($_POST["username"] == '' || $_POST["pin"] == '')
{
echo '<script>alert("Alle felter SKAL udfyldes!")</script>';
}
else
{
$username = mysqli_real_escape_string($connect, $_POST["username"]);
$password = mysqli_real_escape_string($connect, $_POST["password"]);
$pin = mysqli_real_escape_string($connect, $_POST["pin"]);
$password = sha1($password);
$pin = sha1($pin);
$query = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($connect, $query);
if(mysqli_num_rows($result) > 0)
{
$row = mysqli_fetch_assoc($connect, $result) ;
$pass = $row['password'] ;
$check_pin = $row['pin'] ;
if ($password === $pass && $pin === $check_pin){
$_SESSION['username'] = $username;
header("location:entry.php");
}
}
else
{
echo '<script>alert("Forkert brugernavn, adgangskode eller pin-kode")</script>';
}
}
}
?>