1. 首页
  2. 问答
  3. PHP系统登录错误

PHP系统登录错误

2017-06-22 178 views
0

我在登录系统中遇到错误。我知道它有缺陷,仅用于学习目的。 所以问题是,即使我输入正确的登录信息,代码只是到最后一行并抛出最后的else语句。任何想法为什么这样做?PHP系统登录错误

<?php 
 

 
session_start(); 
 

 
if (isset($_POST['submit'])) { 
 

 
include 'dbc.php'; 
 

 
$login = mysqli_real_escape_string($conn, $_POST['login']); 
 
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']); 
 

 

 
//error handler 
 
//check if inputs are empty 
 
if (empty($login) || empty($pwd)){ 
 
    header("Location: login.php?login=empty"); 
 
    exit(); 
 
} else { 
 
    $sql = "SELECT * FROM user WHERE name='$login'"; 
 
    $result = mysqli_query($conn, $sql); 
 
    $resultCheck = mysqli_num_rows($result); 
 
    if ($resultCheck < 1) { 
 
    header("Location: login.php?login=error1"); 
 
    exit(); 
 
    } else { 
 
    if ($row = mysqli_fetch_assoc($result)) { 
 
    //dehashing 
 
    $hashedPwdCheck = password_verify($pwd, $row['pwd']); 
 
    if ($hashedPwdCheck == false) { 
 
    header("Location: login.php?login=error2"); 
 
    exit(); 
 
    } elseif ($hashedPwdCheck == true) { 
 
    //Log in user 
 
    $_SESSION['s_id'] = $row['name']; 
 
    header("Location: index.php?login=success"); 
 
    exit(); 
 
    } 
 
    } 
 
    } 
 
} 
 
} else { 
 
header("Location: login.php?login=error3"); 
 
exit(); 
 
}

来源

2017-06-22 robis42

+7

显示您我们你'form' – hungrykoala

+0

你不该”用这个密码'mysqli_real_escape_string()'你应该使用准备好的语句 –

+0

你能告诉我们你的表单代码吗?您可能缺少提交按钮 – Sehdev

回答

0

所以问题是,即使我已经正确输入登录信息 代码只是进入到最后一行,并抛出了最后别的 声明。

那么它可能发生,你不必与submit名称的按钮,因此它进入到最后一行...一个解决方案,我能想到的是使用服务器的方法@Ivo p与建议,这是从他的回答延伸。

<?php 
    session_start(); 
    if ($_SERVER['REQUEST_METHOD'] == "POST") { 

     $login = $_POST['login']; 
     $pwd = $_POST['pwd']; 

     if (empty($login) || empty($pwd)) { 
      header("Location: login.php?login=empty"); 
      exit(); 
     } else { 

     } 

     $sql = "SELECT * FROM user WHERE name = ? LIMIT 1"; 
     $stmt = $conn->prepare($sql); 
     $stmt->bind_param('s', $login); 
     $stmt->execute(); 
     $result = $stmt->get_result(); 
     $row = $result->fetch_assoc(); 
     if (password_verify($pwd, $row['pwd'])) { 
      $_SESSION['s_id'] = $row['name']; 
      header("Location: index.php?login=success"); 
      exit(); 
     } else { 
      header("Location: login.php?login=error2"); 
      exit(); 
     } 
    } 
    ?>

来源

2017-06-22 09:49:50

1
,如果你在最后else语句结束

,那么第一个是否提供FALSE。

因此:你确定$_POST['submit']是否存在?

我宁愿:

if('POST' == $_SERVER['REQUEST_METHOD'])

而不是检查一些按钮的存在?值

来源

2017-06-22 09:36:53

0

这里是你的代码只是一些改变和纠正。

<?php 

    include 'dbc.php'; 
    session_start(); 

if (isset($_POST['submit'])) { 



    $login = mysqli_real_escape_string($conn, $_POST['login']); 
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']); 


     $sql   = "SELECT * FROM user WHERE name='$login'"; 
     $result  = mysqli_query($conn, $sql); 
     $resultCheck = mysqli_num_rows($result); 
     if ($resultCheck < 1) { 
      $msg = "<div class='error'><p>no such account found. please 
      register first</p></div>"; 
     } else { 
      if ($row = mysqli_fetch_assoc($result)) { 
       //dehashing 
       $hashedPwdCheck = password_verify($pwd, $row['pwd']); 
       if (!$hashedPwdCheck) { 
        $msg = "<div class='error'><p>password does not match 
          with account</p></div>"; 
       } else { 
        //Log in user 
        $_SESSION['s_id'] = $row['id']; 
        header("Location: index.php"); 
        exit(); 
       } 
      } 
     } 

?> 
<html> 
    <?php 
    //error message defined on the top 
    if(isset($msg)){ 

     echo $msg; 

    } 
    ?> 
    <form method="post"> 
     <input type="email" name="login" placeholder="your email address" 
     required> 
     <input type="password" name="pwd" placeholder="your password here" 
     required> 

     <button type="submit" name="submit"> Submit</button> 

    </form> 



</html>

提醒:不要重定向时,其没有必要储存的结果有时会生成HTML结果在一个变量,看看PDO,使您的应用更简单

来源

2017-06-22 13:18:54

相关问题

 相关问题