1

我是 PHP 新手,我正在尝试在不使用模板代码的情况下创建登录系统。我连接到以下代码的注册表完全工作并将用户保存到我的数据库中,没有任何问题。

现在,这是我的登录代码。我已经创建了几个用户来使用我的注册表单进行测试。 这就是我在 PHP 中所拥有的:

<?php

session_start();

include_once('classes/connection.php');

if(isset($_POST['username']))
    {

if(!empty($_POST['username']) && !empty($_POST['password']))
{
    $username = mysqli_real_escape_string($link, $_POST['username']);
    $password = md5(mysqli_real_escape_string($link, $_POST['password']));

     $checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '".$username."' AND password = '".$password."'");

    if(mysqli_num_rows($checklogin) == 1)
    {
        $row = mysqli_fetch_array($checklogin);
        $username = $row['username'];
        $email = $row['email'];
        $name = $row['name'];
        $surname = $row['surname'];

        $_SESSION['Username'] = $username;
        $_SESSION['Email'] = $email;
        $_SESSION['Name'] = $name;
        $_SESSION['Surname'] = $surname;
        $_SESSION['LoggedIn'] = 1;

        header('location: index.php');
    }
    else
    {
        $feedback= "<p>Your account was not found, please try again.</p>";
    }        
} else 
{   
    $feedback= "<p>Please fill in all the blank areas.</p>";
}
    }

?>

这是与此相关的 HTML:

<article>
                <?php if(isset($feedback)): ?> <!-- BEGIN FEEDBACK -->
                    <div id="feedback">
                <?php echo $feedback ?>

                    </div>
                <?php endif; ?>
                <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
                    <h2>Login</h2>

                    <table><tr>
                        <td>Username:</td>
                        <td><input size="10%" id="username" class="form-text" name="username"type="text"/></td></tr>
                    <tr>
                        <td>Password:</td>
                        <td><input size="10%" id="password" class="form-text" name="password" type="password"/></td>
                    </tr>
                    <tr>
                        <td></td>
                        <td><input name="loginknop" type="submit" value="Login" />
                        <a href="register.php">No account? Click here!</a></td>
                    </tr></table>
                </form>
                </article>

对我来说,这一切似乎都是正确的,并且能够发挥作用。但是,每次我测试此登录名时,例如: USERNAME: TEST 和 PASSWORD: TEST123 (作为潜在用户,它已经在我的数据库中),我收到反馈说:“找不到您的帐户,请尝试再次。”

所以我的问题是: 1)我该如何解决这个问题?我相信我的代码是正确的,但我不知道为什么它一直告诉我我的帐户不存在。

2)关于如何改进或缩短此代码的建议也很感激,我很想学习

4

2 回答 2

1

您只需在 php 文件中添加一些调试代码行,这样您就可以找到问题所在。

例如:

if(!empty($_POST['username']) && !empty($_POST['password']))
{
    echo "You entered: username={$_POST['username']}, password={$_POST['password']}<br>";
    $username = mysqli_real_escape_string($link, $_POST['username']);
    $password = md5(mysqli_real_escape_string($link, $_POST['password']));

    echo "Your username after escaping: {$username}<br>";
    echo "Your password after scaping and MD5: {$password}<br>";

    $checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '".     
    $username."' AND password = '".$password."'");

    echo "Count of users with the same username and password = " . mysqli_num_rows($checklogin);

    $checkusername = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '". $username."'");
    echo "Count of users with the same username = " . mysqli_num_rows($checkusername);

    $checkpass = mysqli_query($link, "SELECT * FROM tblusers WHERE password = '". $password."'");
    echo "Count of users with the same password md5 = " . mysqli_num_rows($checkpass);


    if(mysqli_num_rows($checklogin) == 1)
    {
        $row = mysqli_fetch_array($checklogin);
        $username = $row['username'];
        $email = $row['email'];
        $name = $row['name'];
        $surname = $row['surname'];

        $_SESSION['Username'] = $username;
        $_SESSION['Email'] = $email;
        $_SESSION['Name'] = $name;
        $_SESSION['Surname'] = $surname;
        $_SESSION['LoggedIn'] = 1;

        //header('location: index.php'); <-- comment it to see debug info
}

之后,您可以看到问题所在。正如我现在所看到的,它可能是:

  1. 您在错误的 POST 变量中发送用户名或密码
  2. 您以某种不同的格式存储您的用户名或密码

PS 如果它对您没有帮助,请在此处发布所有这些回声的输出,这是您在登录尝试后获得的!

于 2013-08-26T19:01:26.457 回答
0

这一行:

$password = md5(mysqli_real_escape_string($link, $_POST['password']));

将您输入到屏幕的数据TEST123并创建它的MD5哈希值。所以它看起来像这样:

22b75d6007e06f4a959d1b1d69b4c4bd

所以如果你说你的数据库有一个

username = 'TEST'
password = "TEST123'

当您进行查询时

$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '$username' AND password = '$password' ");

$password will = 22b75d6007e06f4a959d1b1d69b4c4bd但 tabuser.password 将 = 'TEST123' 因此不会选择该行!

于 2013-08-26T19:02:37.357 回答