-1

目前我正在编写一个允许您注册和登录的脚本。注册工作正常,但我的登录显示错误(即错误 - 登录无效。不存在这样的用户(php 脚本的最后一行,即使用户存在)。我的 mysql 表是users1.我的登录表单及其处理的代码如下——

    <?php 

    include 'dbc.php';

    $err = array();

    foreach($_GET as $key => $value) {
        $get[$key] = filter($value); //get variables are filtered.
    }

    if ($_POST['doLogin']=='Login')
    {

    foreach($_POST as $key => $value) {
        $data[$key] = filter($value); // post variables are filtered
    }


    $email = $data['email'];
    $pass = $data['password'];


    if (strpos($email,'@') === false) {
        $user_cond = "username='$email'";
    } else {
          $user_cond = "email='$email'";

    }


    $result = mysql_query("SELECT `id`,`password`,`full_name`,`approved` FROM users1 WHERE 
               $user_cond
                AND `banned` = '0'
                ") or die (mysql_error()); 
    $num = mysql_num_rows($result);

      // Match row found with more than 1 results  - the user is authenticated. 
        if ( $num > 0 ) { 

        list($id,$password,$full_name,$approved) = mysql_fetch_row($result);

        if(!$approved) {
        //$msg = urlencode("Account not activated. Please check your email for activation code");
        $err[] = "Account not activated. Please check your email for activation code";

        //header("Location: login.php?msg=$msg");
         //exit();
         }

            //check against salt
        if ($password === password($pass,substr($password,0,9))) { 
        if(empty($err)){            

         // this sets session and logs user in  
           session_start();
           session_regenerate_id (true); //prevent against session fixation attacks.

           // this sets variables in the session 
            $_SESSION['user_id']= $id;  
            $_SESSION['username'] = $full_name;
            $_SESSION['HTTP_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];

            //update the timestamp and key for cookie
            $stamp = time();
            $ckey = GenKey();
            mysql_query("update users1 set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

            //set a cookie 

           if(isset($_POST['remember'])){
                      setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                      setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                      setcookie("username",$_SESSION['username'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                       }
              header("Location: myaccount.php");
             }
            }
            else
            {
            //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
            $err[] = "Invalid Login. Please try again with correct user email and password.";
            //header("Location: login.php?msg=$msg");
            }
        } else {
            $err[] = "Error - Invalid login. No such user exists";
          }     
    }



    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>

Members' Login</title>


<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
  <script>
  $(document).ready(function(){
    $("#logForm").validate();
  });
  </script>
<link href="styles.css" rel="stylesheet" type="text/css">

</head>
<body>

<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
  <tr> 
    <td colspan="3">&nbsp;</td>
  </tr>
  <tr> 
    <td width="160" valign="top"><p>&nbsp;</p>
      <p>&nbsp; </p>
      <p>&nbsp;</p></td>
    <td width="732" valign="top"><p>&nbsp;</p>
      <h3 class="titlehdr"><b>Login</b>
      </h3>  
      <p>
      <?php

      if(!empty($err))  {
       echo "<div class=\"msg\">";
      foreach ($err as $e) {
        echo "$e <br>";
        }
      echo "</div>";    
}     
      ?></p>
      <form action="login.php" method="post" name="logForm" id="logForm" >
        <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform">
          <tr> 
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr> 
            <td width="38%">Username / Email</td>
            <td width="62%"><input name="usr_email" type="text" class="required" id="txtbox" size="25"></td>
          </tr>
          <tr> 
            <td>Password</td>
            <td><input name="password" type="password" class="required password" id="txtbox" size="25"></td>
          </tr>
          <tr> 
            <td colspan="2"><div align="center">
                <input name="remember" type="checkbox" id="remember" value="1">
                Remember me</div></td>
          </tr>
          <tr> 
            <td colspan="2"> <div align="center"> 
                <p> 
                  <input name="doLogin" type="submit" id="doLogin3" value="Login">
                </p>
                <p><a href="register.php">Register Free</a><font color="#FF6600"> 
                  |</font> <a href="forgot.php">Forgot Password</a> <font color="#FF6600"> 
                  </font></p>

              </div></td>
          </tr>
        </table>
        <div align="center"></div>
        <p align="center">&nbsp; </p>
      </form>
      <p>&nbsp;</p>

      </td>
    <td width="196" valign="top">&nbsp;</td>
  </tr>
  <tr> 
    <td colspan="3">&nbsp;</td>
  </tr>
</table>

</body>
</html>

如果您需要有关问题的更多详细信息,请询问我

4

1 回答 1

0

而不是 if(strpos($email,'@'))try this 而是它将使您的搜索随心所欲地动态化,您将需要传递给参数$username$email如下所示:

SELECT `id`,`password`,`full_name`,`approved` FROM users1 
WHERE 1 = 1
AND ($email IS NULL OR email = $email)
AND ($username IS NULL OR username = $username)
AND `banned` = '0'

请注意,您必须使用PDO或准备好的语句,而不是使用连接到 mysql 数据库的方式。

于 2012-10-01T15:17:46.983 回答