-1

我想创建一个登录页面,但它不起作用。任何人都可以看到错误。谢谢你

我有一个数据库,其中有 3 行电子邮件-密码-客户 ID。

<?
$email = $_POST['email'];
$password= $_POST['password'];
$login = $_POST['login'];
$user_custermers_id = $_GET['id'];

if($login = 'yes')
{
    global $wpdb;

    $get = mysql_query("SELECT * FROM das_custermer_users WHERE email = '$email' AND password = '$password'") or die(mysql_error());

    $result = mysql_result($get, 0);
    if($result != 1)
    {
        $msg = "WRONG MESSEGE";
    }
    else
    {
        session_start();
        $_SESSION['email'] = $email;
        header("location: http://tgdashboard.com");
    }
}
?>

我的 HTML

<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
    <div class="header">
        Loginoplysninger
    </div>
    <div class="row">
        <label for="user">E-mail:</label>
        <input type="text" name="user" id="user" value="">
    </div>
    <div class="row">
        <label for="pass">Password:</label>
        <input type="password" name="pass" id="pass" value="">
    </div>
    <div class="row">
        <input type="submit" name="login" value="Login">
4

3 回答 3

2

问题是您已经在此处valueLogin您的提交按钮提供了一个

<input type="submit" name="login" value="Login">你正在检查登录是否yes在这里

$login = $_POST['login'];
$user_custermers_id = $_GET['id'];



    if($login = 'yes'){

因此,您正在检查值是否是yes您已经将值设置为Login

你应该做类似的事情

   $login = $_POST['login'];
    $user_custermers_id = $_GET['id'];



        if($login = 'Login'){

同样,正如下面的用户所指出的,if($login = 'yes'){意味着您正在分配一个yesto variable的值$login,这意味着,如果您想检查是否必须使用==运算符。喜欢if($login == 'yes'){

于 2013-04-03T12:09:33.813 回答
1

使用此代码可能对您有用。因为我已将其更改为 wordpress.pls 检查此。

<?php
    session_start();
    $email = $_POST['user']; //$_POST['email'];
    $password= $_POST['pass']; //$_POST['password'];
    $login = $_POST['login'];
    $user_custermers_id = $_GET['id'];

    if($login == 'Login' || isset($login)) 
    {
        global $wpdb;

        /*$get = mysql_query("SELECT * FROM das_custermer_users WHERE email = '$email' AND password = '$password'") or die(mysql_error());
        $result = mysql_result($get, 0);*/
        $get = $wpdb->get_row("SELECT * FROM das_custermer_users WHERE email = '$email' AND password = '$password'", ARRAY_A);
        if ($get != null) 
        {
            // do something with the link 
            $_SESSION['custermer_id'] = $get->das_custermers_id;
            $das_custermer_id = $get->das_custermers_id;
            $_SESSION['email'] = $email;
            //echo 'custermer-id'.$get->das_custermers_id.'custermer-idbysession'.$_SESSION['custermer_id'].'email'.$email.'emailby session'.$_SESSION['email'];
            header("location: http://tgdashboard.com?das_custermers_id=".$das_custermer_id);
        } 
        else 
        {
            // no link found
            $msg = "WRONG MESSEGE";
        }
    }
?>

试试这个它会为你工作..

<?php
session_start();
$email = $_POST['user']; //$_POST['email'];
$password= $_POST['pass']; //$_POST['password'];
$login = $_POST['login'];
$user_custermers_id = $_GET['id'];

if($login == 'Login' || isset($login)) 
{
    global $wpdb;

    $get = mysql_query("SELECT * FROM das_custermer_users WHERE email = '$email' AND password = '$password'") or die(mysql_error());

    //$result = mysql_result($get, 0);
    $result = mysql_num_rows($get);  // try this..
    if($result == 0)
    {
        $msg = "WRONG MESSEGE";
    }
    else
    {
        //session_start();
        $_SESSION['email'] = $email;
        header("location: http://tgdashboard.com");
    }
}
?>
于 2013-04-03T12:20:59.303 回答
1

好的,这里有几件事,正如我在评论中所指出的那样。

首先,您正在使用mysql_query,但显然使用的是 wordpress ( global $wpdb) (WordPress 不使用这些功能,并且它们已过时且不推荐使用,请阅读此内容并改用该$wpdb->get_results()功能)。

其次,您不会逃避您的输入,这意味着我可以输入电子邮件' OR email = 'admin@site.com'; --并以我想要的任何用户身份登录。在 wordpress 中,您正在寻找$wpdb->escape()或查看wordpress 中的准备好的语句

第三,请不要使用短标签 ( <?),因为您无法确定在部署此代码的所有 PHP 配置中都启用了它们。最好坚持<?php

第四,正如其他人提到的那样,您正在“比较”(见第五)$loginyes但绝不是,因为您提交按钮的值是Login.

第五,你不是在比较$login,而是在yes设置。改为用于比较。$loginyes==

所以最终建议的代码应该是这样的:

<?php
    $email = $_POST['email'];
    $password= $_POST['password'];
    $login = $_POST['login'];
    $user_custermers_id = $_GET['id'];

    if($login == 'Login') //Changed to == and 'Login'
    {
        global $wpdb;

        //Changed to actually use $wpdb instead and get_results and escaping variables
        $get = $wpdb->get_results("SELECT * FROM das_custermer_users WHERE email = '" . $wpdb->escape($email) . "' AND password = '" . $wpdb->escape($password) . "'");

        //As $wpdb works different, use this
        if (!empty($get)) {
            session_start();
            $_SESSION['email'] = $email;
            header("location: http://tgdashboard.com");
        } else {
            $msg = "WRONG MESSAGE";
        }
    }
?>
于 2013-04-03T12:23:35.767 回答