0

我正在使用 php 5.5 和 pdo 创建登录代码。代码工作正常,但唯一的第一个用户登录我不知道为什么?例如,我的数据库表中有 5 个用户。当我登录第一个然后它会登录但是当我尝试登录第二个或第三个时它会显示一条错误消息,我设置了错误的数据登录。下面是我的登录代码...

<?php
session_start();
include 'conn.php';
try
{
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $remember=$_POST['remember'];
        $smt=$conn->prepare("SELECT * FROM signup");
        $smt->execute();
        $result=$smt->fetch(PDO::FETCH_OBJ);
        $prev=$result->Password;
    $usr=$result->Username;

        if(password_verify($pass,$prev)& $user===$usr)
        {
        // Set username session variable
        $_SESSION['user'] = $user;
        // Jump to secured page
        header('location:index.php');
    }


    else
    {

        header('location:signin.php');
        $_SESSION['login']="Incorrect username or password";
    }

    if($remember)
    {
        setcookie('remember-me',$user,time()+3600000);
        setcookie('remember-pass',$pass,time()+3600000);
        header('location:index.php');

    }
    else
    {
        setcookie('remember-me',$user,false);
        setcookie('remember-pass',$pass,false);


    }

}
catch(PDOException $e)
{
    throw new PDOException($e);
}

?>

提前致谢...

4

2 回答 2

0

您缺少一个WHERE CLAUSE

SELECT * FROM signup WHERE Username = :user

将您的代码调整为以下内容:

$smt=$conn->prepare("SELECT * FROM signup WHERE Username =:user");
$smt->execute(array(':user'=>$user));
于 2014-10-17T03:12:14.030 回答
0

请使用以下代码更新您的代码

<?php
session_start();
include 'conn.php';
try
{
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $remember=$_POST['remember'];
        $smt=$conn->prepare("SELECT * FROM signup WHERE username = '".$user."' AND password = '".$pass."' ");
        $smt->execute();
        $result=$smt->fetch(PDO::FETCH_OBJ);
        $prev=$result->Password;
    $usr=$result->Username;

        if(password_verify($pass,$prev)& $user===$usr)
        {
        // Set username session variable
        $_SESSION['user'] = $user;
        // Jump to secured page
        header('location:index.php');
    }


    else
    {

        header('location:signin.php');
        $_SESSION['login']="Incorrect username or password";
    }

    if($remember)
    {
        setcookie('remember-me',$user,time()+3600000);
        setcookie('remember-pass',$pass,time()+3600000);
        header('location:index.php');

    }
    else
    {
        setcookie('remember-me',$user,false);
        setcookie('remember-pass',$pass,false);


    }

}
catch(PDOException $e)
{
    throw new PDOException($e);
}

?>
于 2014-10-17T05:46:32.577 回答