1. 首页
  2. 问答
  3. PHP登录脚本只会登录特定用户?

PHP登录脚本只会登录特定用户?

2013-06-05 173 views
0

我一直在使用这个登录脚本很长一段时间,它的相当稳固,但它现在破碎,让我疯了。PHP登录脚本只会登录特定用户?

基本上脚本只接受第一个MySQL行用户登录,登录系统将工作,但只是为第一个SQL行,它似乎忽略所有的行?

global_database.php

<?php 

$dbhost = 'localhost'; 
$dbuser = 'dealerpa_guest'; 
$dbpass = 'password_here'; 



function dbConnect($db='') { 
global $dbhost, $dbuser, $dbpass; 

$dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass) 
     or die('We are currently applying some major patches and fixes to our systems.  Please try again in 10 Minutes.'); 

if ($db!='' and [email protected]_select_db($db)) 
    die('We are currently applying some major patches and fixes to our systems. Please try again in 10 Minutes.'); 

return $dbcnx; 
} 


?>

global_restriction.php

<?php 

session_start(); 


include_once 'global_database.php'; 
include_once 'global_common.php'; 

$dealerUsername = isset($_POST['dealerUsername']) ? $_POST['dealerUsername'] :  $_SESSION['dealerUsername']; 
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd']; 


if(!isset($dealerUsername)) { 
?> 
<html> 
<body> 
    <form id="dealerLogin" name="dealerLogin" method="post" action=""> 
<input name="dealerUsername" type="text" id="dealerUsername" size="15" class="validate[required] text-input" /> 

    <input name="pwd" type="password" id="pwd" size="15" class="validate[required] text-input" /> 

<input name="submit" id="submit" type="submit" value="Login" class="save-button" /> 

</form> 

<?php 

exit; 
} 

$_SESSION['dealerUsername'] = $dealerUsername; 
$_SESSION['pwd'] = $pwd; 

dbConnect("dealerpa_account"); 
$sql = "SELECT * FROM dealerAccount WHERE dealerUsername = '$dealerUsername' AND dealerPassword = md5('$pwd')"; 

$result = mysql_query($sql); 
if (!$result) { 
error('A database error occurred while checking your '. 
    'login details.\\nIf this error persists, please '. 
    'contact us.'); 
} 

if (mysql_num_rows($result) == 0) { 
unset($_SESSION['dealerUsername']); 
unset($_SESSION['pwd']); 

?> 

<html> 
<body> 
<p>Display Login page again if password is wrong</p> 
</body> 
<?php 
exit; 
} 

$dealerUsername = mysql_result($result,0,'dealerUsername'); 
$dealerID = mysql_result($result,0,'dealerID'); 
?>

我检查了PHP的设置和注册全局开启时,有什么事我可以试试。奇怪的是只有一个用户可以登录。它就像脚本没有检查整个表,只查看第一个SQL Row。

任何帮助将不胜感激。

来源

2013-06-05 BWD Group

+0

出于某种原因,脚本在5个小时后重新开始工作,查看代码。如果你看到任何改进脚本的方法,以便它更安全,请告知。 –

+1

难道你的主机不推荐使用'mysql_'并转移到'mysqli'?仅供参考:在SO上这么说过很多次,使用'mysql_'开放注入。 –

+1

您的代码易受SQL注入攻击。在查询中使用它之前,您需要清理* ALL *用户输入或使用准备好的语句。 – j883376

回答

0

我想那是因为你的行索引设置为0在mysql_result()。而不是使用mysql_result尝试mysql_fetch_assoc。它将检索关联数组中的用户信息。希望有所帮助。

来源

2014-05-20 02:58:02

相关问题

 相关问题