密码失败时未显示错误消息

时间:2012-02-07 10:15:45

标签: php mysql

为什么我的错误消息没有显示密码或用户名是否不正确?我想在用户输入错误的用户名或密码时显示错误消息

代码可以在下面看到

<?php

// Inialize session
session_start();

// Include database connection settings
include('connect.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['username'];
    }
    else
    {
    // Invalid login
    echo "Your username or password are incorrect!";
}

        // Jump to secured page
           $row = mysql_fetch_array($login);

switch ($row['drop']):
    case yes:
        header('Location: choose1.php');
        exit;
    case no:
        header('Location: choose2.php');
        exit;


}
else {

        header('Location: login.php');


}

?>

3 个答案:

答案 0 :(得分:2)

在切换案例

中的'break中写入案例值
case 'yes':
        header('Location: choose1.php');
        exit; // this line shouldn't be needed but it's good practice
        break;

case 'no':
        header('Location: choose2.php');
        exit;
        break;

更好的方式:

<?php session_start();
require_once('connect.inc');

// Retrieve username and password from database according to user's input
$input_username = mysql_real_escape_string($_POST['username']);
$login = mysql_query("SELECT * FROM users WHERE username = '".$input_username."'" );

// Check username and password match
$row = mysql_fetch_array($login);
if (mysql_num_rows($login)) {
        if($row['password'] === md5($_POST['password'])){
             $_SESSION['username'] = $_POST['username']; // store in session
             switch ($row['drop']){
                    case 'yes': header('Location: choose1.php'); break;
                    case 'no': header('Location: choose2.php'); break;
                }
                     exit;
        }
        else {
            echo "Wrong username and password combination";
            exit;
        }       
}
else{
        // Invalid login
        echo "Invalid Unsername";
        header('Location: login.php');
        exit;
}
?>

答案 1 :(得分:0)

<?php

// Inialize session
session_start();

// Include database connection settings
include('connect.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
  // Set username session variable
  $_SESSION['username'] = $_POST['username'];
}
else {
  // Invalid login
  header('Location: login.php?try=failed');
  exit;
}

// Jump to secured page
$row = mysql_fetch_array($login);

switch ($row['drop']) {
  case 'yes': header('Location: choose1.php'); exit;
  case 'no':  header('Location: choose2.php'); exit;
}

?>

在login.php上,检查try = failed:

if ($_GET['try'] === 'failed') {
echo "Your username or password are incorrect!";
//echo YOUR_LOGIN_FORM here
}

答案 2 :(得分:0)

可能是处理问题的更好方法。

注意:我初始化$_SESSION['error'],只需在login.php上使用if(isset($_SESSION['error'])) echo $_SESSION['error'];即可显示错误。     

// Inialize session
session_start();

// Include database connection settings
include('connect.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . md5($_POST['password']) . "')");

// Check username and password match
if(mysql_num_rows($login) == 1) {
    // Set username session variable
    $_SESSION['username'] = $_POST['username'];

    // fetch results
    $row = mysql_fetch_array($login);

    // jump to secured page
    switch($row['drop'])
    {
        case 'yes':
            header('Location: choose1.php');
            exit;
        case 'no':
            header('Location: choose2.php');
            exit;
    }
} else {
    // invalid login
    // set error session
    $_SESSION['error'] = "Your username or password are incorrect!";
    header('Location: login.php');
    exit;
}
?>