1

我一直在使用教程进行注册和登录页面。一切都很完美,除非用户输入了错误的密码。

如果未输入密码,则将正常显示所述错误。

如果输入了正确的密码,它就会登录。

如果输入了错误的密码,它会进入一个空白页面?!

我想要一个错误的密码来显示一条消息,就像输入错误的用户名一样。我已经包含了我的整个login.php代码:

include('db.php');

if(!isset($_POST['login'])) {
    include('form.php');
} else {

    if(isset($_POST['user'])&&$_POST['user']==""||!isset($_POST['user'])) {
        $error[] = "Username Field can't be left blank";
        $usererror = "1";
    }

    if(!isset($usererror)) {
        $user = mysql_real_escape_string($_POST['user']);
        $sql = "SELECT * FROM users WHERE user = '$user'";
        if(mysql_num_rows(mysql_query($sql))=="0") {
            $error[] = "Can't find a user with this username";
        }
    }

    if(isset($_POST['pass'])&&$_POST['pass']==""||!isset($_POST['pass'])) {
        $error[] = "password Field can't be left blank";
    }

    if(isset($error)) {
        if(is_array($error)) {
            echo "<div class=\"error\"><span>please check the errors and refill the form<span><br/>";
            foreach ($error as $ers) {
                echo "<span>".$ers."</span><br/>";
            }
            echo "</div>";
            include('form.php');
        }
    }

    if(!isset($error)) {
        $suser=mysql_real_escape_string($_POST['user']);
        $spass=md5($_POST['pass']);//for secure passwords
        $find = "SELECT * FROM users WHERE user = '$suser' AND password = '$spass'";
        if(mysql_num_rows(mysql_query($find))=="1"or die(mysql_error())) {
            session_start();
            $_SESSION['username'] = $suser;
            header("Location: loggedin.php");
        } else {
            echo "<div class=\"warning\"><span>Some Error occured durring processing your data</div>";
        }
    }
}
4

2 回答 2

2
if(mysql_num_rows(mysql_query($find))=="1"or die(mysql_error())){

如果输入了错误的密码,mysql_num_rows(mysql_query($find))则为 0,因此结果为die(mysql_error()). 但是由于没有mysql_error(),您会看到一个空白页。

尝试这个

$result = mysql_query($find) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
    // proceed
} else {
    // authentication failed
}

编辑:这仅用于说明目的。处理 MySQL 时使用MySQLiPDO 。

于 2013-01-26T11:29:18.620 回答
0

该代码对我来说有点混乱,请考虑使用此代码。

<?php

include('db.php');
if(isset($_POST['login'])) {
     $username = mysql_real_escape_string($_POST['user']);
     $password = md5($_POST['pass']);

     if(empty($username) || empty($password)) {
          echo "Empty username or password.";
     } else {
          mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `password.md5` = '$password'");
          if(mysql_num_rows() == 1) {
               // login successfull 
               session_start();
               $_SESSION['username'] = $username;
               header("Location: loggedin.php");
          } else {
               echo "Invalid username or password.";
          }
     }
} else {
     include  ('form.php');
}

?>
于 2013-01-26T11:33:14.610 回答