0

所以我正在研究一个虚拟世界,我目前正在尝试让 login.php 检查用户是否被禁止或未激活。如果用户被封禁,封禁栏会显示“1”(如果没有被封禁,则会显示“0”。)如果用户的帐户已激活,则活动栏会显示“1”(如果未激活,则活动栏会显示“0”。)我的 as2 发送帖子参数用户名并传递给 login.php。Login.php 这样做:

<?php
$myServer = "localhost";
$myUser = "root";
$myPass = "";
$myDB = "game";

//connection to the database
$dbhandle = mysql_connect($myServer, $myUser, $myPass)
or die("Couldn't connect to SQL Server on $myServer");

//select a database to work with
$selected = mysql_select_db($myDB, $dbhandle)
or die("Couldn't open database $myDB");

// The response variable
$res = "res=KO";

// Check incoming data  
if ($_POST['name'] != "" && $_POST['pass'] != "") { 

// Retrieve all rows from the "user_name" and "password" columns from the "account_info" table
$result = mysql_query("SELECT username, password, active, banned FROM users")
or die(mysql_error()); 
}
//create a loop that continues until each row is called
while($row = mysql_fetch_array($result)) {

//check if client user name/password is the same as the row from database
if ($_POST['name'] == $row['username'] && $_POST['pass'] == $row['password'] && $row['active'] = '1' && $row['banned'] == '0') { //BE AWARE OF "" ''

// If they match, Ok, user found
$res = "res=OK";
break;
}
else if ($_POST['name'] == $row['username'] && $_POST['pass'] == $row['password'] && $row['active'] == '0' && $row['banned'] == '0') 
{
$res = "res=unactive";
}
else if ($_POST['name'] == $row['username'] && $_POST['pass'] == $row['password'] && $row['banned'] == '1' && $row['active'] == '1' )
{
$res = "res=banned";
}

}
print $res;
?>

这是处理 $res 的函数:

serverIn.onLoad = function(success)
{
    if (success)
    {
        if (this.res == "OK")
        {
            sendLogin()
        }
        else if (this.res == "unactive")
        {
            var win:MovieClip = showWindow("errorWindow")
            win.errorMsg.text = "Your account is not activated."
        }
        else if (this.res == "banned")
        {
            var win:MovieClip = showWindow("errorWindow")
            win.errorMsg.text = "Your account is banned."
        }
        else
        {
            var win:MovieClip = showWindow("errorWindow")
            win.errorMsg.text = "Incorrect username or password"
        }
    }
    else
    {
        var win:MovieClip = showWindow("errorWindow")
        win.errorMsg.text = "Connection failed"
    }
}

这两个文件都很好用,在我添加 login.php 中检查用户是否被禁止的部分之前它一直有效。所以这是我的问题:

我在数据库中更改了我的用户信息,以便我被禁止和激活。但是发送到 swf 的 $res 是 res=unactive 并且会出现“用户不活动”窗口。当我被禁止和活跃时,我希望“用户被禁止”弹出窗口出现。

然后我改变了它,这样我就不会被禁止并且我很活跃。这让我正常登录,就像它应该的那样。

然后我这样做,这样我就不会被禁止和不活跃。它在不应该登录的时候登录。我希望“用户未激活”窗口会出现,但事实并非如此。

4

1 回答 1

2

这可能很重要:

(PHP 的 ~29 行)

$row['active'] = '1'

这是将值设置为 1,而不是针对 1 测试该值。

$row['active'] == '1'

另外,请不要将用户凭据存储为明文!

于 2013-04-14T21:31:40.703 回答