我用我的应用程序的登录..首先我只使用管理员登录,它工作完美,但现在当我添加老师和学生登录以及,但我找到问题,它不记录我的客栈。,,只是重定向到未经授权的访问的请求帮助登录代码无法正常工作
的login.php
<?php include("../includes/config.php");?>
<!DOCTYPE HTML>
<html>
<head>
<title>Admdin Login</title>
</head>
<body>
<form method="post" action="login-action.php">
<label>User Name:</label> <input type="text" name="un" />
<label>Password:</label> <input type="password" name="pd" /> <br /><br />
<input type="submit" value="Login" />
</form>
<a href="forgot-password.php">Forgot Password?</a>
</body>
</html>
这是登录-action.php的
<?php include("../includes/config.php");?>
<?php
$uid=$_POST["un"];
$pwd=$_POST["pd"];
$encpwd=md5($pwd);
$con=mysql_connect($dbserver,$dbusername,$dbpassword);
if (!$con) { die('Could not connect: ' . mysql_error()); }
mysql_select_db($dbname, $con);
$result = mysql_query("SELECT * FROM accounts WHERE (email='".$uid."' AND password='".$encpwd."')");
$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
while($row = mysql_fetch_array($result))
{
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['lastname'] = $row['lastname'];
$_SESSION['type'] = $row['type'];
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION["loggedin"]=true;
}
}
else {
$_SESSION["loggedin"]=false;
}
mysql_close($con);
if ($_SESSION["loggedin"])
{
if ($_SESSION["type"]=="A")
{
$_SESSION["isadmin"]=true;
}
if ($_SESSION["type"]=="T")
{
$_SESSION["isteacher"]=true;
}
if ($_SESSION["type"]=="S")
{
$_SESSION["isstudent"]=true;
}
}
if ($_SESSION["isadmin"])
{
header("Location: $fullpath"."admin/000.php");
}
if ($_SESSION["isteacher"])
{
header("Location:$fullpath"."teacher/");
}
if ($_SESSION["isstudent"])
{
header("Location:$fullpath"."student/");
}
else {
header("Location: $fullpath"."login/unauthorized.php");
}
?>
你是否检查过你的查询是否有效,并在'$ result'中获得正确的信息? – andrewsi
**你的代码很容易受到SQL注入**你真的*应该使用[prepared statements](http://stackoverflow.com/a/60496/623041),你将变量作为参数传递给它没有得到评估的SQL。如果你不知道我在说什么,或者如何解决它,请阅读[Bobby Tables]的故事(http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain) 。 – eggyal
不意味着显而易见,但您是否仔细检查了大小写?用户名/密码的区分大小写的性质在之前已经让我绊倒了很多次。 – bobbiloo