这是我编写的登录处理程序。用户名和密码都存在于我的数据库中。当我尝试登录时,出现错误。
这是我的 base.php 代码:
?php
session_start();
$host="localhost"; // Host name
$username="root"; //Mysql username
$password=""; //Mysql password
$db_name="kuih"; // Database name
//Connect to server and select database.
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name") or die ("cannot select DB");
?>
这是我的 index.php。
<?php include "base.php"; ?> //base.php
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['username']))
{
?>
<h1>Member Area</h1>
<pThanks for logging in! You are <b><?=$_SESSION['username']?></b> and your email address is <b><?=$_SESSION['email']?></b>.</p>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM register WHERE username = '".$username."' AND password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$email = $row['email'];
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='=2;index.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
}
}
else
{
?>
这是我的登录表单代码:
会员登录
<p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>
<form method="post" action="index.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>
<?php
}
?>
你怎么看待这件事?谁能帮我?