0

有人可以将我推向正确的方向并告诉我这段代码有什么问题吗?我没有收到任何错误,但它也没有让我登录。想法是在 sql 数据库中有一个名为 memb 的行,并检查状态是 1 还是 0。如果是 1,它将带您到安全页面,如果为 0,它将为您提供订阅页面

<?php


require_once('config.php');  


if(isset($_POST['Login']) && isset($_POST['uname']) && isset($_POST['pass1'])) {
// Here check if all input are sent 

$uname = $sql-> real_escape_string($_POST['uname']);
$pass1 = $sql-> real_escape_string($_POST['pass1']);


 if ( !empty($uname) && !empty($pass1)) {
  // Check if you input are not empty

  $query= mysqli_query($sql,"SELECT * FROM login WHERE uname='".$uname."' AND pass='".$pass1."' && memb='?'");
  if(!$query){ die(mysqli_error($sql)); }
  $checkuser= mysqli_num_rows($query);


  if($checkuser != 1) {


   $error = "Username doesn't exist in our database!";
  }

  // Change $login with $query
  while ($row = mysqli_fetch_array($query)) {
   $checkpass= $row['pass'];

 while ($row = mysqli_fetch_array($query)) { 
   $checkmemb= $row['memb'];   

   // here i changed $pass1 to $checkpass
   if ($pass1 == $checkpass && $memb == 0){

    setcookie("user", $uname, time()+7200);
    $_SESSION['user'] = $uname;
    $_SESSION['start'] = time();
    $_SESSION['expire'] = $_SESSION['start'] + (60 * 60 * 60);
    header("Location: pay.php");
    exit();
   } elseif($pass1 == $checkpass && $memb == 1) {
     setcookie("user", $uname, time()+7200);
    $_SESSION['user'] = $uname;
    $_SESSION['start'] = time();
    $_SESSION['expire'] = $_SESSION['start'] + (60 * 60 * 60);
    header("Location: main.html");
    exit();
   }
  }
 }
 }
 }
4

1 回答 1

0

尝试改变这个:

if(isset($_POST['Login']) && isset($_POST['uname']) && isset($_POST['pass1'])) {
// Here check if all input are sent

至:

if(isset($_POST['uname']) && isset($_POST['pass1'])) {
// Here check if all input are sent

没有测试,这只是快速浏览的猜测。但它似乎没有做任何事情,因为您的输入检查失败。

于 2013-08-18T22:49:50.720 回答