-1

我的登录代码有几个问题。我知道我没有加密密码,但这只是现在的学习基础。

  1. 所以我知道我正在从我的表单中获取值,因为当我提供正确的登录名时,它会将我定向到 member-index.php 然后立即将我重定向到access-denied.php,因为我的会话设置不正确?

  2. 当我提供无效登录时,它不会将我重定向到 login-failed.php,它只是像login.php上的空页面一样,这是我从表单输入中引导它的地方。

这是我的数据库表供参考:

表:登录

   +---------+----------+--------
   | login_ID | Login_PW| auth  |
   +-------=--+---------+--------
   | User_test|  123    | null  |
   +----------+---------+--------


 <?php 
    function clean($str)
    {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return $str;
    }

    //Sanitize the POST values

    if (isset($_POST['username']))    
    {    
              $username = clean($_POST['username']);    
    }    


    if (isset($_POST['password']))    
    {    
    $password = clean($_POST['password']);

    }    

    /* Create a new mysqli object with database connection parameters */
    $mysqli = mysqli_connect('localhost', 'root', '', 'draftdb');

    if(mysqli_connect_errno()) 
    {
        echo "Connection Failed: " . mysqli_connect_errno();
        exit();
    }

    /* Is your username the same as the login_id? If not you need to change this query's where to use the username column not the login_id. */

    /* Create a prepared statement */
    if($stmt = $mysqli -> prepare("
        SELECT Login_ID, Login_PW
        FROM login  
        WHERE Login_ID=? AND Login_PW=?
    "))
    {
        /* Bind parameters
             s - string, b - boolean, i - int, etc */
        $stmt -> bind_param("ss", $username, $password);

        /* Execute it */
        $result = $stmt -> execute();

        /* Bind results to variables that will be used within the fetch() loop. */
        $stmt -> bind_result($username, $password);

        //Check whether the query was successful or not
        if ($result === false)
         {
            die("Query failed");
         }
          /* Iterate over the results of the query. */
        while ($stmt->fetch())  
        { //while loop open
             if($_POST['username'] == $username && $_POST['password'] == $password)
                {
            //$member = mysqli_fetch_assoc($result);


                 session_regenerate_id();
            /* We can create a _SESSION cause we binded the result to those variables above. */
                //$_SESSION['SESS_MEMBER_ID'] = $username;
                 $_SESSION['username'] = $_POST['username'];


             session_write_close();
             header("location: member-index.php");
             exit();

                }

                elseif($result -> num_rows == 0 )
                    {
                    header("location: login-failed.php");
                     exit();
                    }

         }//while loop close

          /* Close statement */
          $stmt -> close();
    }//main if close

       /* Close connection */
       $mysqli -> close();

成员索引.php

<?php
    //Start session
    session_start();

    //Check whether the session variable SESS_MEMBER_ID is present or not
    if(!$_SESSION['username']) {
        header("location: access-denied.php");
        exit();
    }
?>
4

1 回答 1

0 
/* Execute it */
$result = $stmt -> execute();
$stmt -> store_result();

.
.
.

elseif($stmt -> num_rows == 0 ) // note $stmt instead of $result

应该这样做

于 2012-08-12T04:24:46.673 回答