我对php比较陌生,我试图编写一个非常简单的登录脚本。我已经获得了基本的功能,但我无法登录到系统。我的登录脚本在下面,我的注册脚本也在下面。php登录身份验证失败
checklogin.php
include_once 'inc/db.inc.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
try {
$sql="SELECT id, username, password FROM users WHERE username='$username' and password='$password'";
$result = $pdo->query($sql);
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count == 1){
// Register $username, $password and redirect to file "index.php"
session_register("username");
session_register("password");
header("Location: index.php");
}
else {
header("Location: login.php?invalid=1");
}
}
catch (PDOException $e) {
echo $e;
}
ob_end_flush();
?>
checkreg.php
include_once 'inc/db.inc.php';
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['password'] | !$_POST['passwordconf']) {
die('You did not complete all of the required fields');
}
if ($_POST['password'] != $_POST['passwordconf']) {
die('Your passwords did not match. ');
}
$_POST['password'] = md5($_POST['password']);
if (!get_magic_quotes_gpc()) {
$_POST['password'] = addslashes($_POST['password']);
$_POST['username'] = addslashes($_POST['username']);
}
$username = $_POST['username'];
$password = $_POST['password'];
try {
// now we insert it into the database
$sql = "INSERT INTO users(username,password) VALUES ('$username','$password')";
$result = $pdo->exec($sql);
header("Location: index.php");
} catch (PDOException $e){
echo $e;
}
?>
我知道该登记写入数据库,但每次我尝试我收到我的证书无效标志有效的登录。任何你能做的事情都会很棒。谢谢。
似乎不像你阻止人们注册相同的用户名/密码组合。你在桌上碰巧有不止一次相同的组合?这会阻止$ count从1,并导致你所看到的。 – Gyhth 2013-02-27 19:10:17
您是否尝试在登录后尝试回显用户名和密码以查看它们是否与数据库匹配? – James 2013-02-27 19:11:42