2016-08-19 88 views
0

我有我的代码有问题,当我加入这个登录页面允许任何密码登录PHP

的login.php

<?PHP session_start(); 
$_SESSION['email'] = $_POST['email']; 

?> 
<?php echo '<script>window.location = "http://somepage.com/"</script>'; ?> 

我的登录页面允许任何密码登录,它显示正确的电子邮件地址在我的主页。但是当我删除上面的代码并键入任何密码它不会让我登录我必须使用正确的密码。为什么会发生?我真的需要上面的代码工作,因为那让我登录到受限制的页面,这是我在有限的页面上使用像profile.php

resctricted页面,如profile.php

<?PHP 
session_start(); 
if(!$_SESSION['email']){ 
header("Location: login"); 
die; 
} 
?> 

<?PHP session_start(); 
 
$_SESSION['email'] = $_POST['email']; ?> 
 

 
<?php echo '<script>window.location = "http://torcdesign.com/"</script>'; ?> 
 

 
<?php 
 
\t require_once("configur.php"); 
 
\t $mysqli = new mysqli(localhost, root, password, dbname); 
 
\t # check connection 
 
\t if ($mysqli->connect_errno) { 
 
\t \t echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; 
 
\t \t exit(); 
 
\t } 
 
    
 
$email=$_POST['email']; 
 

 

 
$encrypt_password = $_POST['encrypt_password']; 
 
$encrypt_password = hash("sha512",$encrypt_password); 
 
    
 
\t $sql = "SELECT * from register_login WHERE email='$email' and encrypt_password='$encrypt_password'"; 
 
\t $result = $mysqli->query($sql); 
 
\t if (!$result->num_rows == 1) { 
 
\t \t echo "<p>Invalid username/password combination</p>"; 
 
\t } else { 
 
\t \t echo "<p>Logged in successfully</p>"; 
 
\t \t // do stuffs 
 
\t } 
 

 
?> \t \t

回答

0

不要设置会话您检查条件之前

<?PHP session_start(); ?> 

<?php echo '<script>window.location = "http://torcdesign.com/"</script>'; ?> 

<?php 
    require_once("configur.php"); 
    $mysqli = new mysqli(localhost, root, password, dbname); 
    # check connection 
    if ($mysqli->connect_errno) { 
     echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; 
     exit(); 
    } 

$email=$_POST['email']; 


$encrypt_password = $_POST['encrypt_password']; 
$encrypt_password = hash("sha512",$encrypt_password); 

    $sql = "SELECT * from register_login WHERE email='$email' and encrypt_password='$encrypt_password'"; 
    $result = $mysqli->query($sql); 
    if (!$result->num_rows == 1) { 
     echo "<p>Invalid username/password combination</p>"; 
    } else { 
     $_SESSION['email'] = $email; 
     echo "<p>Logged in successfully</p>"; 
     // do stuffs 
    } 

?>