0

如果您发现这个问题与任何其他问题相似,我很抱歉,但我已经检查过并且找不到合适的解决方案。我的登录检查脚本似乎有问题,因为即使我输入了错误的密码,它也会指向登录成功页面,但我找不到在哪里。请帮我。这是代码:

<?php

session_start();

mysql_connect("localhost", "root", "")or die("cannot connect"); 
mysql_select_db("planner")or die("cannot select DB");


$myusername = mysql_real_escape_string ($_POST['username']);
$mypassword = mysql_real_escape_string ($_POST['password']);


$sql="SELECT username,password FROM members WHERE username='$myusername'";



if($result=mysql_query($sql)){
    $found_user=mysql_fetch_array($result);
    if (mysql_num_rows($result)>0){

$_SESSION['myusername']=true; 
header("location:login_success.php");
}

else {
echo "Wrong Username or Password";
}
}
?>

updated script:

<?php

session_start();

mysql_connect("localhost", "root", "")or die("cannot connect"); 
mysql_select_db("planner")or die("cannot select DB");


$myusername = mysql_real_escape_string ($_POST['username']);
$mypassword = md5(mysql_real_escape_string ($_POST['password']));


$sql="SELECT username,password FROM members WHERE username='$myusername' AND password='$mypassword'";




if($result=mysql_query($sql)){
    $found_user=mysql_fetch_array($result);
    if (mysql_num_rows($result)!=0){

$_SESSION['myusername']=true; 
header("location:login_success.php");
}

else {
echo "Wrong Username or Password";
}
}
?>



 now it always says wrong username and password entered even though
    with right username and password entered. And here is the login form:


<form method="post" action="check_login.php">
    <p><input type="text" name="username" value="" placeholder="Username"></p>
    <p><input type="password" name="password" value="" placeholder="Password"></p>

    <p class="submit"><input type="submit" name="submit" value="Login"></p>
  </form>
4

4 回答 4

1

因为你只是检查用户名而不是两者

$sql="SELECT username,password FROM members 
WHERE username='$myusername' AND password = '$mypassword'";

您必须使用 SALT 转换密码并且必须检查。

于 2013-05-17T04:28:38.640 回答
1 
$sql="SELECT username,password FROM members WHERE username='$myusername'";

应该

$sql="SELECT username,password FROM members WHERE username='$myusername' AND 
password='$mypassword'";
于 2013-05-17T04:29:07.547 回答
0

你没有检查密码。

$myusername = mysql_real_escape_string ($_POST['username']);
$mypassword = mysql_real_escape_string ($_POST['password']);

$sql="SELECT username,password FROM members WHERE username='$myusername' 
      AND password='$mypassword'";

你的逻辑应该是这样的:

$result=mysql_query($sql);

if($result and mysql_num_rows($result)){
       $_SESSION['myusername']=true; 
       header("location:login_success.php");
}
else {
    echo "Wrong Username or Password";
}
于 2013-05-17T04:30:01.147 回答
0

您没有检查密码,也没有检查用户名和密码的 CASE。

试试这个查询: -

SELECT username,password FROM members WHERE binary username='$myusername' and binary password ='$mypassword'

用于binary检查用户名和密码是否区分大小写。希望它还可以帮助您检查用户名和密码的区分大小写。

于 2013-05-17T04:34:07.060 回答