2012-08-12 215 views
-1

我的登录代码有几个问题。我知道我没有加密密码,但这仅仅是为了现在的学习基础。PHP登录脚本会话问题

  1. 所以我知道我是从我的形式获取值,因为当我提供一个正确的登录它引导我,因为我的会议是成员的index.php然后立即重定向我访问denied.php不正确?

  2. 当我提供了一个无效的登录它不重定向我登录,failed.php它只是坐在作为的login.php有一个空白页,这就是IM从表单输入指挥它。

这是我参考的数据库表:

表:登录

+---------+----------+-------- 
    | login_ID | Login_PW| auth | 
    +-------=--+---------+-------- 
    | User_test| 123 | null | 
    +----------+---------+-------- 


<?php 
    function clean($str) 
    { 
     $str = @trim($str); 
     if(get_magic_quotes_gpc()) { 
      $str = stripslashes($str); 
     } 
     return $str; 
    } 

    //Sanitize the POST values 

    if (isset($_POST['username']))  
    {  
       $username = clean($_POST['username']);  
    }  


    if (isset($_POST['password']))  
    {  
    $password = clean($_POST['password']); 

    }  

    /* Create a new mysqli object with database connection parameters */ 
    $mysqli = mysqli_connect('localhost', 'root', '', 'draftdb'); 

    if(mysqli_connect_errno()) 
    { 
     echo "Connection Failed: " . mysqli_connect_errno(); 
     exit(); 
    } 

    /* Is your username the same as the login_id? If not you need to change this query's where to use the username column not the login_id. */ 

    /* Create a prepared statement */ 
    if($stmt = $mysqli -> prepare(" 
     SELECT Login_ID, Login_PW 
     FROM login 
     WHERE Login_ID=? AND Login_PW=? 
    ")) 
    { 
     /* Bind parameters 
      s - string, b - boolean, i - int, etc */ 
     $stmt -> bind_param("ss", $username, $password); 

     /* Execute it */ 
     $result = $stmt -> execute(); 

     /* Bind results to variables that will be used within the fetch() loop. */ 
     $stmt -> bind_result($username, $password); 

     //Check whether the query was successful or not 
     if ($result === false) 
     { 
      die("Query failed"); 
     } 
      /* Iterate over the results of the query. */ 
     while ($stmt->fetch()) 
     { //while loop open 
      if($_POST['username'] == $username && $_POST['password'] == $password) 
       { 
      //$member = mysqli_fetch_assoc($result); 


       session_regenerate_id(); 
      /* We can create a _SESSION cause we binded the result to those variables above. */ 
       //$_SESSION['SESS_MEMBER_ID'] = $username; 
       $_SESSION['username'] = $_POST['username']; 


      session_write_close(); 
      header("location: member-index.php"); 
      exit(); 

       } 

       elseif($result -> num_rows == 0) 
        { 
        header("location: login-failed.php"); 
        exit(); 
        } 

     }//while loop close 

      /* Close statement */ 
      $stmt -> close(); 
    }//main if close 

     /* Close connection */ 
     $mysqli -> close(); 

会员-的index.php

<?php 
    //Start session 
    session_start(); 

    //Check whether the session variable SESS_MEMBER_ID is present or not 
    if(!$_SESSION['username']) { 
     header("location: access-denied.php"); 
     exit(); 
    } 
?> 
+0

我们需要更多的代码来理解。你能把你的整个应用程序放在这里吗 – 2012-08-12 03:51:59

回答

0
/* Execute it */ 
$result = $stmt -> execute(); 
$stmt -> store_result(); 

. 
. 
. 

elseif($stmt -> num_rows == 0) // note $stmt instead of $result 

应该这样做

+0

谢谢我改变了它,但仍然没有将我重定向到错误的用户名/密码组合的无效登录 – Undermine2k 2012-08-12 04:32:04

+0

$ stmt-> num_rows的输出是什么? – 2012-08-12 04:33:37

+0

我把函数从fetch循环中移出来,并将它作为if语句,现在它可以工作,为什么?我怎么能找到$ stmt-> num_rows的输出?使用var_dump? – Undermine2k 2012-08-12 04:39:17