0
这是我写的一个登录处理程序。用户名和密码都存在于我的数据库中。当我尝试登录时,出现错误。PHP中出现错误登录
这是我的base.php代码:
?php
session_start();
$host="localhost"; // Host name
$username="root"; //Mysql username
$password=""; //Mysql password
$db_name="kuih"; // Database name
//Connect to server and select database.
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name") or die ("cannot select DB");
?>
这是我的index.php。
<?php include "base.php"; ?> //base.php
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['username']))
{
?>
<h1>Member Area</h1>
<pThanks for logging in! You are <b><?=$_SESSION['username']?></b> and your email address is <b><?=$_SESSION['email']?></b>.</p>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM register WHERE username = '".$username."' AND password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$email = $row['email'];
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='=2;index.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
}
}
else
{
?>
这是我的登录表单代码:
会员登录
<p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>
<form method="post" action="index.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>
<?php
}
?>
你觉得这个怎么样?谁能帮我?
添加'的print_r($ _ SESSION)''前回声 “
错误
”'以获取调试的详细信息。 –**旁注**不要使用'mysql _ *()' - 它已被弃用。改为使用'mysqli _ *()'或'PDO'。另外,如果您将它散列化,则不需要转义密码。对于SQL,MD5的输出是安全的。 – 2013-11-05 03:33:17
嗨,我使用print_r($ _ SESSION),但仍然是相同的,帐户无法找到.. –