2011-12-13 316 views
0

我有这个登录脚本,但由于某种原因,它不工作。我检查了数据库,表单,并以5种不同的方式重新编写了脚本;然而,他们都有同样的问题,它不会启动会话。下面是代码:PHP - 登录脚本

<?php 
session_start(); 

//connect and select DB 
mysql_connect ("localhost", "root", "") or die ('Error: ' . mysql_error()); 
mysql_select_db('usr_info')or die ("cannot select DB :("); 

//transfer values sent from form 
$usrname = $_POST['usrname']; 
$passwrd = $_POST['passwrd']; 

//injection protection 
$usrname = stripslashes($usrname); 
$passwrd = stripslashes($passwrd); 
$usrname = mysql_real_escape_string($usrname); 
$passwrd = mysql_real_escape_string($passwrd); 

$sql = "SELECT * FROM usrs 
     WHERE usremail='$usrname' 
     and passwrd='".md5($_POST['passwrd'])."'"; 
$result = mysql_query($sql); 

//count the number of rows found with the given info 
$count = mysql_num_rows($result); 

//the matched result must be equal to 1 
if ($count == 1) { 
    $_SESSION['u_name'] = $usrname; 
    header("Location: ../../landing.php"); 
    exit(); 
} 
else { 
    echo "Wrong Username or Password"; 
} 

这是用形式IM:

<div id="login-signup" class="letters2"><a href="javascript:blankfunction()">Login | Signup</a></div> 
<div id="point-1" class="point-1"><img src="site-wide/point-1.png" width="405" height="131" /> 
    <div id="login-form"> 
    <form id="login" method="POST" action="site-wide/effects/login.php"> 
    <label for="username"></label> 
    <input type="text" name="usrname" id="usrname" value="email" onfocus="clearMe(this);" onblur="unClearMe(this);"/> 
    <label for="passwrd"></label> 
    <input type="password" name="passwrd" id="passwrd" value="password" onfocus="clearMe(this);" onblur="unClearMe(this);"/> 
    <input type="image" src="site-wide/submit.png" name="submit" id="submit" value="login"/> 
    </form> 

这是的USR表在我的数据库:

的USR

Field Type   Null Default Comments 
ID   int(4)  No 
usrfname  varchar(15) No  
usrlname  varchar(15) No   
usremail  varchar(45) No 
passwrd  varchar(8) No 
usrage  int(3)  No 
usrgender varchar(7) No 

我找到了回答xD ..问题是数据库。密码字段只有8个字符,而真正的md5密码超过了15个。所以我所做的只是增加字段可处理的字符数和中提琴!

+0

刚刚意识到它实际上跳过了整个'if'语句。 – GeneralCan

+0

我告诉过你在这段代码中没有好处,lol :) –

回答

-1

在我的最后工作很好,只是添加了jogesh_p建议的内容。

请检查会话是否已经开始,然后继续执行脚本的其余部分。它可能会抛出任何错误?像这样设置error_reporting:

<?php 
error_reporting(E_ALL); 
if (!session_start()) { 
    die("The session hasn't been started!"); 
} 

这样你就可以在继续之前检查是否有错误。

+0

只是检查了它,会话确实启动 – GeneralCan

+0

但会跳过if语句。我是否正确输入了sql查询? – GeneralCan

+0

你有没有试过做一些调试?像'var_dump($ count);'或者检查mysql_query是否返回任何错误(可能是'mysql_query($ sql)'或者'print(mysql_error())''也可以)。 –

0

我想你还必须检查用户名和密码是否提交?

if(isset($_POST['submit_button_name'])){ 
    // then your code 
    // and if the both are submitted and 
    // match into the database then use session_start(); 
} 
+0

我刚加了'echo $ count'在脚本的末尾。和“$计数”返回0每次 – GeneralCan

+0

@ user1095145就意味着,从你的用户试图在你的数据库登录不退出.. –

+0

我在DB – GeneralCan

0

你或许应该使用相同的密码变量名的位置:

$sql = "SELECT * FROM usrs WHERE usremail='$usrname' and passwrd='".md5($_POST['passwrd'])."'"; 

要:

$sql = "SELECT * FROM usrs WHERE usremail='$usrname' and passwrd='".md5($passwrd)."'"; 

你重定向?或者它说错了用户/密码?如果你被重定向,那么看起来证书已经通过并且用户被认证了。你检查了会议吗?

+0

也请考虑使用PDO否则你的脚本是开放的SQL注入。 – Devraj

+0

任何意见将有所帮助。此脚本运行并且您尝试登录后会发生什么?你有没有看到任何错误?这只是会议吗?具体问题是什么? –

+0

运行脚本后,它只是给了我错误消息“错误的用户名/通行证”,它永远不会重定向 – GeneralCan

0

如果$ count为0,那么很有可能您输入的凭据是错误的。 但只是试试这个。更改查询到

SELECT * FROM usrs 
    WHERE usrs.usremail = '$usrname' 
    and usrs.passwrd = '".md5($passwrd)."' 
+0

是啊,谓没有工作,要么:( – GeneralCan

+0

也许不是'usrs.usremail =“$ usrname''但'usrs.usremail = '{$ usrname}'' – SSpoke

0

我写一个PHP登录脚本和共享上的一篇文章...这里是代码:

<?php 
 
include 'inc/config.php'; 
 
$err = "Enter Your Email and Password"; 
 

 
$email = filter_input(INPUT_POST,'email',FILTER_SANITIZE_EMAIL); 
 
$password = filter_input(INPUT_POST,'pwd',FILTER_SANITIZE_STRING); 
 

 
if(isset($email) && isset($password)){ //If Email and Password is Given then Continue 
 
$q = mysqli_query($con,"SELECT * FROM users WHERE email='$email'"); 
 
if(mysqli_num_rows($q)>0){ //Checking Email from the Database 
 
    $password = sha512($password); 
 
    $u = mysqli_query($con,"SELECT * FROM users WHERE email='$email' AND pwd='$password'"); 
 
    if(mysqli_num_rows($u)>0){ //Matching Email and Password from the Database 
 

 
    //Download the script to get the full code 
 

 
     $_SESSION['username'] = $data['username']; 
 
     $err = NULL; 
 
     $time = time()+(24*60*60); //Setting time for 24 hours 
 
     setcookie("mct_session",true,$time); //Setting Cookie 
 
    }else{ 
 
     $err = "Email and Password doesn't match"; 
 
    } 
 
}else{ 
 
    $err = "No User Account Found"; 
 
} 
 
} 
 
if(isset($err)){ 
 
    header("Location: index.php?err=".$err); //Login Failed 
 
}else{ 
 
    header("Location: dashboard.php"); //Login Success 
 
} 
 
?>

和形式我是使用是:

 <form class="login-form" action="login.php" method="POST"> 
 
     <div class="form-group"> 
 
      <label form="email">Email:</label> 
 
      <input type="email" name="email" placeholder="Email Address" class=form-control required/> 
 
     </div> 
 
     <div class="form-group"> 
 
      <label form="pwd">Password:</label> 
 
      <input type="password" placeholder="Password" name="pwd" class=form-control required/> 
 
     </div> 
 
     <div class="form-action"> 
 
      <div class="col-sm-12"><a href="#" onclick="toggleForm()" class="pull-left font-bree font-2x">Sign Up</a><input type="submit" class="submit_btn btn pull-right" value="Login"/></div> 
 
     </div> 
 
     </form> 
 
<!--Login Form Ends-->

检查出来http://mycodingtricks.com/php/php-login-script-with-example/

0

此登录是容易受到SQL注入,可以考虑使用PDO。