为什么我的错误消息没有显示密码或用户名是否不正确?我想在用户输入错误的用户名或密码时显示错误消息
代码可以在下面看到
<?php
// Inialize session
session_start();
// Include database connection settings
include('connect.inc');
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");
// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
}
else
{
// Invalid login
echo "Your username or password are incorrect!";
}
// Jump to secured page
$row = mysql_fetch_array($login);
switch ($row['drop']):
case yes:
header('Location: choose1.php');
exit;
case no:
header('Location: choose2.php');
exit;
}
else {
header('Location: login.php');
}
?>
答案 0 :(得分:2)
在切换案例
中的'和break中写入案例值
case 'yes':
header('Location: choose1.php');
exit; // this line shouldn't be needed but it's good practice
break;
case 'no':
header('Location: choose2.php');
exit;
break;
<?php session_start();
require_once('connect.inc');
// Retrieve username and password from database according to user's input
$input_username = mysql_real_escape_string($_POST['username']);
$login = mysql_query("SELECT * FROM users WHERE username = '".$input_username."'" );
// Check username and password match
$row = mysql_fetch_array($login);
if (mysql_num_rows($login)) {
if($row['password'] === md5($_POST['password'])){
$_SESSION['username'] = $_POST['username']; // store in session
switch ($row['drop']){
case 'yes': header('Location: choose1.php'); break;
case 'no': header('Location: choose2.php'); break;
}
exit;
}
else {
echo "Wrong username and password combination";
exit;
}
}
else{
// Invalid login
echo "Invalid Unsername";
header('Location: login.php');
exit;
}
?>
答案 1 :(得分:0)
<?php
// Inialize session
session_start();
// Include database connection settings
include('connect.inc');
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");
// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
}
else {
// Invalid login
header('Location: login.php?try=failed');
exit;
}
// Jump to secured page
$row = mysql_fetch_array($login);
switch ($row['drop']) {
case 'yes': header('Location: choose1.php'); exit;
case 'no': header('Location: choose2.php'); exit;
}
?>
在login.php上,检查try = failed:
if ($_GET['try'] === 'failed') {
echo "Your username or password are incorrect!";
//echo YOUR_LOGIN_FORM here
}
答案 2 :(得分:0)
可能是处理问题的更好方法。
注意:我初始化$_SESSION['error'],只需在login.php上使用if(isset($_SESSION['error'])) echo $_SESSION['error'];即可显示错误。
// Inialize session
session_start();
// Include database connection settings
include('connect.inc');
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . md5($_POST['password']) . "')");
// Check username and password match
if(mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// fetch results
$row = mysql_fetch_array($login);
// jump to secured page
switch($row['drop'])
{
case 'yes':
header('Location: choose1.php');
exit;
case 'no':
header('Location: choose2.php');
exit;
}
} else {
// invalid login
// set error session
$_SESSION['error'] = "Your username or password are incorrect!";
header('Location: login.php');
exit;
}
?>