1. 首页
  2. 问答
  3. 从数据库登录的PHP用户不会登录

从数据库登录的PHP用户不会登录

2015-11-06 102 views
0

嗨,我做了一个登录脚本,但它不会登录我,并一直告诉我不正确的匹配。这里是我的代码:从数据库登录的PHP用户不会登录

include_once("dbConnect.php"); 

// Set the posted data from the form into local variables 
$usname = strip_tags($_POST['username']); 
$paswd = strip_tags($_POST['password']); 

$usname = mysqli_real_escape_string($dbCon, $usname); 
$paswd = mysqli_real_escape_string($dbCon, $paswd); 


$sql = "SELECT * FROM user WHERE username = '$usname' AND usertype = '1' LIMIT 1"; 
$query = mysqli_query($dbCon, $sql); 
$row = mysqli_fetch_row($query); 
$uid = $row[0]; 
$dbUsname = $row['username']; 
$dbPassword = $row['password']; 

// Check if the username and the password they entered was correct 
if ($usname == $dbUsname && $paswd == $dbPassword) { 
    // Set session 
    $_SESSION['username'] = $usname; 
    $_SESSION['id'] = $uid; 
    // Now direct to users feed 
    header("Location: user.php"); 
} else { 
    echo "<h2>Oops that username or password combination was incorrect. 
    <br /> Please try again.</h2>"; 
}

的用户名为admin,而密码是PPsleep1和用户类型为1,你可以尝试自己:http://daltyapps.com/daltyapps/portfolio/paypal/log/index.php

来源

2015-11-06 Daniel Juhl Sørensen

+0

它看起来像你存储**明文密码**这是一个非常坏的做法。 – RiggsFolly

+0

你的**用户名**是独一无二的? –

+0

在尝试执行IF测试之前,只需添加一个'var_dump($ row);'。查看数据库字段中的实际内容。 – RiggsFolly

回答

-1

结合当前形势,我可以建议你在代码以下修复:

<?php 
include_once("dbConnect.php"); 

// Set the posted data from the form into local variables 
$usname = strip_tags($_POST['username']); 
$paswd = strip_tags($_POST['password']); 

$usname = mysqli_real_escape_string($dbCon, $usname); 
$paswd = mysqli_real_escape_string($dbCon, $paswd); 

// use both username and password to retrieve records from table 
$sql = "SELECT * FROM user WHERE username = '$usname' AND password = '$paswd' AND usertype = '1'"; 

$query = mysqli_query($dbCon, $sql); 
if($query) // check if query runs properly or is having any error 
{ 
    if(mysqli_num_rows($query) == 1) // check if ony one user with 'USERNAME - PASSWORD' pair exists in database 
    { 
     $row = mysqli_fetch_row($query); 
     $uid = $row[0]; 
     $dbUsname = $row[INDEX_OF_USERNAME_FIELD]; 

     // Set session 
     $_SESSION['username'] = $usname; 
     $_SESSION['id'] = $uid; 
     // Now direct to users feed 
     header("Location: user.php"); 
    } 
    else 
    { 
     echo "<h2>Oops that username or password combination was incorrect. 
     <br /> Please try again.</h2>"; 
    }  
} 
else 
{ 
    echo "Error in query ".mysqli_error($dbCon); 
} 
?>

来源

2015-11-06 09:18:02 Suyog

+0

downvote的原因???????? – Suyog

+0

为什么您将密码添加到查询中。 – RiggsFolly

+0

页面完全空白。 –

-1

使用下面的代码,

include_once("dbConnect.php"); 

// Set the posted data from the form into local variables 
$usname = strip_tags($_POST['username']); 
$paswd = strip_tags($_POST['password']); 

$usname = mysqli_real_escape_string($dbCon, $usname); 
$paswd = mysqli_real_escape_string($dbCon, $paswd); 


$sql = "SELECT * FROM user WHERE username = '$usname' AND usertype = '1' LIMIT 1"; 
$query = mysqli_query($dbCon, $sql); 
$row = mysqli_fetch_array($query); /*comment - have replace row with array*/ 
$uid = $row[0]; 
$dbUsname = $row['username']; 
$dbPassword = $row['password']; 

// Check if the username and the password they entered was correct 
if ($usname == $dbUsname && $paswd == $dbPassword) { 
    // Set session 
    $_SESSION['username'] = $usname; 
    $_SESSION['id'] = $uid; 
    // Now direct to users feed 
    header("Location: user.php"); 
} else { 
    echo "<h2>Oops that username or password combination was incorrect. 
    <br /> Please try again.</h2>"; 
}

来源

2015-11-06 10:44:26

+0

downvote的原因? –

-1

第二个选项使用,

include_once("dbConnect.php"); 

// Set the posted data from the form into local variables 
$usname = strip_tags($_POST['username']); 
$paswd = strip_tags($_POST['password']); 

$usname = mysqli_real_escape_string($dbCon, $usname); 
$paswd = mysqli_real_escape_string($dbCon, $paswd); 


$sql = "SELECT * FROM user WHERE username = '$usname' AND usertype = '1' LIMIT 1"; 
$query = mysqli_query($dbCon, $sql); 
$row = mysqli_fetch_row($query); 
$uid = $row[0]; 
$dbUsname = $row[1]; /*comment - if column username after column id in table */ 
$dbPassword = $row[2]; /*comment - if column password after column username in table*/ 

// Check if the username and the password they entered was correct 
if ($usname == $dbUsname && $paswd == $dbPassword) { 
    // Set session 
    $_SESSION['username'] = $usname; 
    $_SESSION['id'] = $uid; 
    // Now direct to users feed 
    header("Location: user.php"); 
} else { 
    echo "<h2>Oops that username or password combination was incorrect. 
    <br /> Please try again.</h2>"; 
}

来源

2015-11-06 10:50:12

相关问题

 相关问题