嗨,我做了一个登录脚本,但它不会登录我,并一直告诉我不正确的匹配。这里是我的代码:从数据库登录的PHP用户不会登录
include_once("dbConnect.php");
// Set the posted data from the form into local variables
$usname = strip_tags($_POST['username']);
$paswd = strip_tags($_POST['password']);
$usname = mysqli_real_escape_string($dbCon, $usname);
$paswd = mysqli_real_escape_string($dbCon, $paswd);
$sql = "SELECT * FROM user WHERE username = '$usname' AND usertype = '1' LIMIT 1";
$query = mysqli_query($dbCon, $sql);
$row = mysqli_fetch_row($query);
$uid = $row[0];
$dbUsname = $row['username'];
$dbPassword = $row['password'];
// Check if the username and the password they entered was correct
if ($usname == $dbUsname && $paswd == $dbPassword) {
// Set session
$_SESSION['username'] = $usname;
$_SESSION['id'] = $uid;
// Now direct to users feed
header("Location: user.php");
} else {
echo "<h2>Oops that username or password combination was incorrect.
<br /> Please try again.</h2>";
}
的用户名为admin,而密码是PPsleep1和用户类型为1,你可以尝试自己:http://daltyapps.com/daltyapps/portfolio/paypal/log/index.php
它看起来像你存储**明文密码**这是一个非常坏的做法。 – RiggsFolly
你的**用户名**是独一无二的? –
在尝试执行IF测试之前,只需添加一个'var_dump($ row);'。查看数据库字段中的实际内容。 – RiggsFolly