0

我一直在试图弄清楚我做错了什么。当它检查用户是否在第 26 行被激活时,即使用户被激活,它也会将用户发送到第 38 行,告诉他们他们的用户名或密码不正确,但它们是正确的。您可以在代码的左侧找到两行。

   <?php
      require("includes/inc.php");
      if ($_SESSION['username'] != null){
        # Redirect the user to the member area
        header('Location: member.php');
      } else {
        # Check if the user is trying to login
        if ($_GET['do'] == "login"){
          # If they are, process the details they have provided. Else, continue with showing the form
          $username = trim(sanitize($_POST['username']));
          $password = trim(sanitize($_POST['password']));
          # Check if the username and password are empty
          if (($username == null) || ($password == null)){
            header('Location: login.php?error=field_blank');
          } else {
            $query_accounts = mysql_query("SELECT * FROM users WHERE `username` = '$username' LIMIT 1");
            $query_count = mysql_num_rows($query_accounts);
            if ($query_count == null){
              // User not found
              header('Location: login.php?error=details_wrong');
            } else {
//Line 26          $active = mysql_fetch_array($query_accounts);
                if ($active['active'] == 0) {
                    header('Location: login.php?error=activate');
                } else {
                   $accounts = mysql_fetch_array($query_accounts);
                    // Check if the password matches the user's password
                     if ($accounts[password] == password($password)){
                    // The password is correct, start a session for the user
                        $_SESSION['username'] = $username;
                        header('Location: member.php');
                    } else {
                    // Incorrect password
//Line 38                   header('Location: login.php?error=details_wrong');
                }
              }
            }
          }
        } else {
    ?>
    <!doctype html>
    <html>
    <head>
    <title>PHP Login & Registration</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="stylesheet" type="text/css" href="css/style.css" />
    <div id="main">  
    <h1>Login</h1>
    </head>
    <body>
        Need a account? <a href="register.php">Register</a>
        <!-- Display Messages -->
        <?php
          # -> Messages
          if ($_GET['error'] == "field_blank"){ echo "<div class='error'>The username and/or password field was left blank</div>\n"; }
          elseif ($_GET['error'] == "details_wrong"){ echo "<div class='error'>The username and/or password was incorrect</div>\n"; }
          elseif ($_GET['error'] == "activate"){ echo "<div class='error'>Please activate your account.</div>\n"; }
          elseif ($_GET['success'] == "logout"){ echo "<div class='success'>You are now logged out</div>\n"; }
          elseif ($_GET['success'] == "complete"){ echo "<div class='success'>You are now registered, please activate your account by visiting your email.\n"; }
        ?>

          <!-- Login Form -->
          <form action="?do=login" method="post" autocomplete="on">
            <fieldset>
            <p>Username</p>
            <input type="text" name="username" size="40" maxlength="20" /> <br />
            <p>Password</p>
            <input type="password" name="password" size="40" maxlength="30" /> <br />
            <input type="submit" value="Login" style="width:80px;" />
            </fieldset>
        <?php include "footer.php"; ?>
          </form>
    </div>
    </body>
    </html>
    <?php
        } // End Check Login
      } // End check if logged in
    ?>
4

5 回答 5

1

唯一让我眼前一亮的是以下行

                 if ($accounts[password] == password($password)){

密钥将被转换为 PHP 常量,根据我的最佳猜测来看您的代码,尚未定义。将密钥用引号括起来,如下所示。

                 if ($accounts["password"] == password($password)){

我希望这有助于解决您的问题:)

于 2012-05-09T04:04:47.747 回答
1

有几个问题:

a)您获得该行两次(第 26 行 $active = mysql_fetch_array($query_accounts); 并在 $accounts = mysql_fetch_array($query_accounts); 下面 - 这可能会给你两个不同的行,而实际上可能只有一个匹配 - 每个"fetch" 将指针向下移动一行

b) 检查您的变量类型。

i) mysql_num_rows 返回整数,但您正在与 null 进行比较

ii) 还要检查 $row['active'] 返回值 0 而不是字符串 null 或空白。在这两种情况下检查阴性可能更安全,即

if (mysql_num_rows($result) > 0) {

    if ($row['active']) {
        // active state
    } else {
        // inactive state
    }
} else {
    // Not found
}
于 2012-05-09T04:17:18.857 回答
0

您唯一的解决方案是简化!这:

if (...) {
    if (...) {
        if (...) {
            ...
        }
    } else {
        ...
    }
    ...
} else {
    ...
}

更好地表示为:

if ($someImportantCondition == false) {
    die('Important condition not met');
}

...

if ($someOtherImportantCondition == false) {
   die('Some other important condition not met');
}

...

echo 'Success!';

除了dieing,您还可以显示错误、重定向 using headerinclude错误页面、return来自函数或您需要执行的任何其他操作,以便在该点停止逻辑。把它变成一个普通人可以理解的形式,然后你的问题就会消失。

于 2012-05-09T04:09:51.797 回答
0

我使用符号

if (...)
{
   if (...)
   {
      ...
   }
   else
   {
      ...
   }

}
else
{
   ...   

}

然后,您可以轻松识别与该位else匹配的部分。if

如果您使用您的代码执行此操作,您可以找出问题所在。

于 2012-05-09T04:14:56.803 回答
0

我认为你有问题$accounts = mysql_fetch_array($query_accounts);

$accounts 是包含行和列作为索引的数组,您需要使用 while

while($accounts = mysql_fetch_array($query_accounts))
{

}
于 2012-05-09T04:17:00.060 回答