我已经使用Php数据对象创建了登录脚本。 但是它不能正常工作问题是即使密码与数据库记录不匹配,它也会让任何用户登录。我对这部分非常困惑,我无法弄清楚。PHP PDO登录过程不起作用
$case = 1;
include("common/top.php");
if(isset($_SESSION['STAKEZONE']))
{
header("Location: dashboard.php");
}
if(!empty($_POST['login']))
{
if($_POST['username'] == '')
{
$msg = 'Please Enter your Username! <br>';
$case = 0;
}
if($_POST['password'] == '')
{
$msg = 'Please Enter your Password!';
$case = 0;
}
if($case == 1)
{
$username = $_POST['username'];
$password = $_POST['password'];
$sql = $dbh->prepare("SELECT * FROM users WHERE username = ?");
$sql->execute(array($username));
while($u = $sql->fetch())
{
$id = $u['id'];
$password_query = $u['password'];
$lastip = $u['lastip'];
$status = $u['status'];
}
$row = $sql->fetch(PDO::FETCH_ASSOC);
if($status == '0' && $row)
{
$msg = base64_encode('Your Account is Inactive');
header("Location: login.php?msg=$msg");
die;
}
$password_md5 = md5($password);
if($password_md5 = $password_query)
{
$sql = "UPDATE users
SET lastip = ?
WHERE id = ?";
$q = $dbh->prepare($sql);
$q->execute(array($_SERVER['REMOTE_ADDR'],$id));
$_SESSION['STAKEZONE']['user'] = $username;
$_SESSION['STAKEZONE']['id'] = $id;
header("Location: dashboard.php");
die;
}
else
{
$msg = base64_encode("Wrong Username Or Password");
header("Location: login.php?msg=$msg");
die;
}
}
else
{
header("Location: login.php?msg=$msg");
die;
}
}
感谢您的帮助,非常感谢。
你也应该'你的第一个'header'电话后exit',你将永远也赶不上你的不活跃用户为'$ row'将始终评估在那个时候“虚假”;在你的循环之后没有剩下的行。 – jeroen
啊我该怎么办:/? – user3356613