-3

在以下代码中,我使用数据库检查用户名和密码,然后运行 ​​if 语句以允许用户查看页面或仅向他们显示“请登录”消息。此时即使密码相等,它也只会返回错误值。

我知道我可以在互联网上为此获取代码,但我想弄清楚我的逻辑(仅在我的脑海中)哪里出了问题。我也知道我还没有清理数据,但这只是一个针对 10 年级学生的教程,他们只是用一点 PHP 学习 HTML 和 CSS。稍后我将讨论保护数据 - 一次一个概念。

谢谢您的帮助!

<?php

// connects to server 

include('includes/connect2.php');

// sets post to variables don't know if this is needed
$user=$_POST[username];
$pass=$_POST[password];

?>

<?php
// query to find ifnoramtion in database 
$result = mysqli_query($con, "SELECT * FROM social_register WHERE Login='$user'"); 
                    mysqli_real_escape_string($con, $user) . "'" ); 

$row = mysqli_fetch_assoc($result);

if ($pass == $row['Password']) { ?>
<div id="container">
    <div id="banner">
    The social Site 
        <div id="site_logo">
        <img src="images/logo_thumb.gif" /> 
                <?php

                while($row = mysqli_fetch_array($result))
                  {
                  echo $row['First_Name'] . " " . $row['Last_Name'];
                  echo "<br>";
                    }
                mysqli_close($con);
                ?>

        </div>
    </div>

<div id="person">
<h1>Welcome to your test web site</h1>
</div>


</div>
<?php
}
else 
{
?>
    <div id="container">
            <div id="banner">
            The social Site 
                <div id="site_logo">
                <img src="images/logo_thumb.gif" /> 


                </div>
            </div>

        <div id="person">
        <h1>You have not loged into the site, please login.</h1>
        </div>

<?php
}

?>
4

2 回答 2

4

您应该mysqli_fetch_assoc在匹配之前获取数据password

$user = mysqli_real_escape_string($con, $user);
$result = mysqli_query($con, "SELECT * FROM social_register WHERE Login = '".$user."'"); 

$row = mysqli_fetch_assoc($result);

if ($pass == $row['Password']) { ?>
于 2013-08-31T12:53:29.353 回答
-2

好吧,我给你放了一个 Login.php 和一个 Check.php,我希望你喜欢它......:P

试试看:

//Login.php
session_start(); //create the session
if(isset($_POST['login']))
{

$con = mysqli_connect("myhost","myuser","mypassw","mybd") or die("Error " . mysqli_error($con));
$user = mysqli_fetch_assoc(mysqli_query($con, "SELECT * FROM social_register WHERE Login='" . mysqli_real_escape_string($con, $user) . "'" )); 

$pass = $user['Password']; //put the pass variable
if ( $pass == $user['Password'] ) {
    $_SESSION['ready'] = true;
    header('Location: you_page.php'); //redirect to your page when you have the correct pass
    exit;
} else
{
?>
<script type="text/javascript">
<!--
alert('Incorrect Password')
//-->
</script>
<?php
}
}
//continue with the next block
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title> Login </title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<center>
<h3 style="color:#fff;">Password:<h3>
<form method="post" action="">
<input type="password" style="text-align:center;" name="pass"><br>
<input type="submit" name="login" value="Iniciar sesión">
</form>
</center>
</body>
</html>

//Check.php
<?php
session_start();
if (!isset($_SESSION['ready'])
    || $_SESSION['ready'] !== true) {
    header('Location: login.php'); //Redirect to the login if you haven't the session set
    exit;
}
?>

在 your_page.php 中,您必须输入:

require 'check.php';

注销.php

<?php
session_start();
if (isset($_SESSION['ready'])) {
   unset($_SESSION['ready']);
}
header('Location: index.php');
exit;
?>
于 2013-08-31T12:54:00.243 回答