2017-07-04 63 views
0

I have an admin login script that starts a session after a successful login, but the problem is that it logs us in correctly and redirects us to index.php, and then at index.php it says "Your login session data is not on record in the database." The admin login doesn't work.

```php
<?php
// This file is www.developphp.com curriculum material
// Written by Adam Khoury January 01, 2011
// http://www.youtube.com/view_play_list?p=442E340A42191003
session_start();
if (!isset($_SESSION["manager"])) {
    header("location: admin_login.php");
    exit();
}
// Be sure to check that this manager SESSION value is in fact in the database
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
// Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
// Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
$sql = mysqli_query($conn,"SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = @mysqli_num_rows($conn,$sql); // count the row nums
if ($existCount == 0) { // evaluate the count
    echo "Your login session data is not on record in the database.";
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Store Admin Area</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
</head>

<body>
<div align="center" id="mainWrapper">
    <?php include_once("../template_header.php");?>
    <div id="pageContent"><br />
    <div align="left" style="margin-left:24px;">
     <h2>Hello store manager, what would you like to do today?</h2>
     <p><a href="inventory_list.php">Manage Inventory</a><br />
     <a href="#">Manage Blah Blah </a></p>
    </div>
    <br />
    <br />
    <br />
    </div>
    <?php include_once("../template_footer.php");?>
</div>
</body>
</html>
```

My admin_login.php:

```php
<?php
// This file is www.developphp.com curriculum material
// Written by Adam Khoury January 01, 2011
// http://www.youtube.com/view_play_list?p=442E340A42191003
session_start();
if (isset($_SESSION["manager"])) {
    header("location: index.php");
    exit();
}
?>
<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
    // Connect to the MySQL database
    include "../storescripts/connect_to_mysql.php";
    $sql = mysqli_query($conn,"SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysqli_num_rows($sql); // count the row nums
    if ($existCount == 1) { // evaluate the count
     while($row = mysql_fetch_array($sql)){
      $id = $row["id"];
     }
     $_SESSION["id"] = $id;
     $_SESSION["manager"] = $manager;
     $_SESSION["password"] = $password;
     header("location: index.php");
     exit();
    } else {
     echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
     exit();
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Log In </title>

</head>

<body>
<div align="center" id="mainWrapper">

    <div id="pageContent"><br />
    <div align="left" style="margin-left:24px;">
     <h2>Please Log In To Manage the Store</h2>
     <form id="form1" name="form1" method="post" action="admin_login.php">
     User Name:<br />
      <input name="username" type="text" id="username" size="40" />
     <br /><br />
     Password:<br />
     <input name="password" type="password" id="password" size="40" />
     <br />
     <br />
     <br />

     <input type="submit" name="button" id="button" value="Log In" />

     </form>
     <p>&nbsp; </p>
    </div>
    <br />
    <br />
    <br />
    </div>
    <?php include_once("../template_footer.php");?>
</div>
</body>
</html>
```
+1

If you really do have whitespace before the `<?php` tag, remove it; it gets sent to the browser, which breaks your ability to start a session because the headers have already been sent – RiggsFolly

+0

If you look at your PHP error log, you will probably see messages saying – RiggsFolly

+0

If you feel you need to sanitise data, I suggest cleaning it before you store it in the SESSION rather than when you take it back out of the session. But regardless, please read [SQL injection attacks](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php), see what happened to [Little Bobby Tables](http://bobby-tables.com/), and note that even [if you escape inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly

Answer

0

All the data in the session was written by your code, not by user input, so I don't think you need the regex on it; and a password may contain special characters, which would make that fail.

Just replace

```php
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
```

```php
$managerID = $_SESSION["id"];
$manager = $_SESSION["manager"];
$password = $_SESSION["password"];
```

+0

Parse error: syntax error, unexpected ''', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /storage/ssd3/410/2129410/public_html/storeadmin/admin_login.php on line 19 –

+0

@AhadAmanHunzai updated, easier to understand –

+0

What to replace them with –
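Bringing together RiggsFolly's comment on prepared statements and the answer's point that session values are written by your own code, here is an added example (not code from the question, the answer, or the developphp.com tutorial) of the login check and the per-request session check done with bound parameters and a hashed password. It assumes an `admin` table with columns `id`, `username` and `password_hash` (a `password_hash()` value), a mysqli connection in `$conn`, and the mysqlnd driver for `get_result()`.

```php
<?php
// Added example, not the tutorial's code. Assumes table admin(id, username,
// password_hash) and a mysqli connection in $conn (e.g. from connect_to_mysql.php).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors throw instead of being hidden by @
session_start();

// admin_login.php: check the submitted credentials and start the admin session.
function admin_login(mysqli $conn, string $username, string $password): bool
{
    // The username is bound as a parameter, separate from the SQL text, so
    // nothing in it can alter the query; no regex filtering is needed.
    $stmt = $conn->prepare("SELECT id, password_hash FROM admin WHERE username = ? LIMIT 1");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    // password_verify() checks against the stored hash, so special characters
    // in the password are fine and the plaintext is never stored anywhere.
    if (!$row || !password_verify($password, $row["password_hash"])) {
        return false;
    }
    session_regenerate_id(true);                // fresh session id after login
    $_SESSION["manager_id"] = (int) $row["id"]; // only the id goes in the session
    return true;
}

// index.php: confirm the session still maps to an admin row.
function session_is_admin(mysqli $conn): bool
{
    if (!isset($_SESSION["manager_id"])) {
        return false;
    }
    $id = $_SESSION["manager_id"]; // written by our own code, so no cleaning needed
    $stmt = $conn->prepare("SELECT 1 FROM admin WHERE id = ? LIMIT 1");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $found = $stmt->get_result()->num_rows === 1;
    $stmt->close();
    return $found;
}

// Usage in admin_login.php after the form is posted:
if (isset($_POST["username"], $_POST["password"])) {
    if (admin_login($conn, $_POST["username"], $_POST["password"])) {
        header("Location: index.php");
        exit();
    }
    echo 'That information is incorrect, try again';
    exit();
}
```

In index.php the guard becomes `if (!session_is_admin($conn)) { header("Location: admin_login.php"); exit(); }`, and because `mysqli_report()` is set to throw, a wrong argument count such as `mysqli_num_rows($conn, $sql)` surfaces as an exception instead of a silently empty result.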