0

我在使用 PDO 的登录系统时遇到问题。当您使用正确的密码登录时,即使表单链接到另一个页面,它也会刷新页面,并且当您登录时,您将被重定向到“home.php”而不是“index.php”

<?php
include('./includes/connect.php');

$submit = $_POST['submit'];
$email = sanitize($_POST['email']);
$password = nCrypt(sanitize($_POST['password']));

if(isset($submit)) {
    if(isset($email) && isset($password)) {
        $query = $pdo->prepare("SELECT password FROM users WHERE email = ?");
        $query->bindValue(1, $email);
        $query->execute();

        $r = $query->fetch();
        $pass2 = $r['password'];
        $first = $r['first'];
        $last = $r['lastname'];
        $username = $r['username'];

        if(strcasecmp($password, $pass2) == 0) {
            $_SESSION['user'] = $r['user'];
            $_SESSION['first'] = $r['first'];
            $_SESSION['last'] = $r['last'];
            $_SESSION['id'] = $r['id'];
            header('Location: home.php');
        } else {
            header('Location: index.php?e=incorrect');
        }
    } else {
        header('Location: index.php?e=empty');
    }
}
?>

基本上,当您输入正确的密码时,什么也不会发生。我的表格是:

<!-- index.php -->
<form action="login.php" method="POST">
    <legend>Email Address</legend>
    <input type="email" name="email" placeholder="Email Address" required><br>
    <legend>Password</legend>
    <input type="password" name="password" placeholder="Password" required><br>
    <input class="btn btn-info" type="submit" name="submit" value="Login">
</form>

如您所见,它链接到另一个页面,但是当您输入正确的密码时,它只会刷新表单所在的页面,当它假设将您重定向到“home.php”时。

4

1 回答 1

1

如果您要使用此语句进行选择

SELECT password FROM users WHERE email = ?

那你要去哪里

$first = $r['first'];
$last = $r['lastname'];
$username = $r['username'];

从?

做一个

SELECT * FROM users WHERE email = ?

或者

SELECT password, first,last,username FROM users WHERE email = ?

另外,为什么复杂的生活要做一个简单的 if 来测试正确的密码:

if($password == $pass2) {

此外,值得检查数据库上的密码实际上是否以与加密用户输入相同的方式加密。

于 2013-08-24T00:01:49.763 回答