Php登录问题

时间:2012-02-22 17:35:01

标签: php mysql

我的代码有什么问题。它说...(1)需要的用户名(2)如果我点击没有用户名和密码的登录按钮,密码不正确,但它应该显示所有必填项。

<?php
if(isset($_POST['action']) && isset($_POST['action']) == "Sign in") 
{
    include("../secure/content/database/db.php");

    $uname = mysql_real_escape_string(trim($_POST['uname']));
    $pass = md5(mysql_real_escape_string(trim($_POST['pass'])));

    /// check user name
    $sql = mysql_query("SELECT uname FROM members WHERE uname = '$uname'"); 
    $num_u = mysql_num_rows($sql);

    // check user password
    $sql2 = mysql_query("SELECT pass FROM members WHERE pass = '$pass'");
    $num_p = mysql_num_rows($sql2);

    $err = array(); 
    if(isset($uname) && isset($pass))
    {
        if( empty($uname)  && empty($pass))
        {
            $err[] = "All field required";          
        }
        else
        {       
            if(empty($uname))
            {
                $err[] = "Username required";
            }
            else
            {
                if($num_u == 0) $err[] = "Username is not correct"; 
            }

            if(empty($pass))
            {
                $err[] = "Password required";
            }
            else
            {
            if($num_p == 0)
            $err[] = "Password is not correct"; 
            }           

        }

        if(!empty($err))
        {
            foreach($err as $er)
            {
                echo "<font color=red>$er</font><br>";
            }   
        }
        else
        {
            include("content/include/newsession.php");
            $tm = date("Y-m-d H:i:s");
            $ip = $_SERVER['REMOTE_ADDR'];
            $rt = mysql_query("insert into plus_user_login(id,uname,ip,tm, status, tm_out) values ('$_SESSION[id]','$_SESSION[uname]','$ip','$tm', 'ON', '')");
            echo mysql_error();
            print "<script>";
            print " self.location='content/index.php';";
            print "</script>";
        }
    }
}

任何想法或解决方案..

4 个答案:

答案 0 :(得分:5)

在这一行:

$pass = md5(mysql_real_escape_string(trim($_POST['pass'])));

你正在调用md5(),它总是返回一个值,即使$ _POST ['pass']为空。所以空($ pass)永远不会成真。

答案 1 :(得分:0)

空字符串的md5()总和或NULL不会产生空值,因此即使$pass为空,您也始终拥有$_POST['pass']中的值。

// Never empty
$pass = md5(mysql_real_escape_string(trim($_POST['pass'])));

// Because:
var_dump(md5(""));
string(32) "d41d8cd98f00b204e9800998ecf8427e"

当您检查是否存在$uname&amp; $pass,请改为使用$_POST值:

 // instead of
 if( empty($uname)  && empty($pass))
 // do
 if(empty($uname)  && empty($_POST['pass']))

答案 2 :(得分:0)

请从以下行中删除此md5,如果pass为空,则md5创建一个字符串。

md5(mysql_real_escape_string(trim($_POST['pass'])));

使用它。

mysql_real_escape_string(trim($_POST['pass']));

在另一个中使用md5。

答案 3 :(得分:0)

您遇到此问题,因为空字符串是可清除的,请参阅this

更改

if(isset($uname) && isset($pass))


if(isset($uname) && isset($_POST['pass']))
相关问题
最新问题