1. 首页
  2. 问答
  3. PHP登录用户名错误

PHP登录用户名错误

2017-04-15 61 views
-1

我正在为登录写代码。我从另一个资源获取了代码。一切似乎都没有问题,但它始终告诉我Alumni_ID(用户名)不存在 - 即使它已经存在。PHP登录用户名错误

的登录PHP代码:

<?php 
 
    error_reporting(E_ALL); ini_set('display_errors', 1); 
 

 
$servername = getenv('IP'); 
 
$username = getenv('C9_USER'); 
 
$password = ""; 
 
$database = "c9"; 
 
$dbport = 3306; 
 
    $conn = mysqli_connect($servername,$username,"",$database,$dbport) or die(mysqli_error()); 
 
    if($_SERVER["REQUEST_METHOD"] == "POST"){ 
 
\t 
 
\t 
 
\t $query = mysql_query("SELECT Alumni_ID, Password from 'Alumni' WHERE Alumni_ID='$Alumni_ID'"); //Query the Alumni table if there are matching rows equal to $Alumni_ID 
 
\t 
 
\t $exists = mysql_num_rows($query); //Checks if Alumni_ID exists 
 
\t $table_Alumni = ""; 
 
\t $table_Password = ""; 
 
\t 
 
\t if($exists = 0) //IF there are no returning rows or no existing Alumni_ID 
 
\t 
 
\t  { 
 
       \t \t while($row = mysql_fetch_assoc($query)) //display all rows from query 
 
       \t \t { 
 
       \t \t \t $table_Alumni_ID = $row['Alumni_ID']; // the first Alumni_ID row is passed on to $table_Alumni, and so on until the query is finished 
 
       \t \t \t $table_Password = $row['Password']; // the first Password row is passed on to $table_Alumni, and so on until the query is finished 
 
       \t \t } 
 
       \t \t if(($Alumni_ID == $table_Alumni_ID) && ($Password == $table_Password)) // checks if there are any matching fields 
 
       \t \t { 
 
       \t \t \t \t if($Password == $table_Password) 
 
       \t \t \t \t { 
 
       \t \t \t \t \t $_SESSION['user'] = $Alumni_ID; //set the Alumni_ID in a session. This serves as a global variable 
 
       \t \t \t \t \t header("location: loggedalumni/index.php"); // redirects the user to the authenticated home page 
 
       \t \t \t \t } 
 
       \t \t \t \t 
 
       \t \t } 
 
       \t \t else 
 
       \t \t { 
 
       \t \t \t Print '<script>alert("Incorrect Password!");</script>'; //Prompts the user 
 
       \t \t \t Print '<script>window.location.assign("index.php");</script>'; // redirects to login.php 
 
       \t \t } 
 
\t } 
 
\t else 
 
\t { 
 
\t \t Print '<script>alert("Incorrect Username!");</script>'; //Prompts the user 
 
\t \t Print '<script>window.location.assign("index.php");</script>'; // redirects to login.php 
 
\t } 
 
} 
 
?>

这是形式:

<div class="col-lg-12"> 
 
           <div class="nav-link" style= "text-align: center;"><h3><b>Log In</b></h3></div> 
 
           <form id="ajax-login-form" action=" " method="post" role="form" autocomplete="off"> 
 
            <div class="form-group"> 
 
             <label for="Alumni_ID" style= "text-align: center;">Alumni ID</label> 
 
             <input type="text" name="Alumni_ID" tabindex="1" class="form-control" placeholder="Your Alumni ID" value="" autocomplete="off"> 
 
            </div> 
 

 
            <div class="form-group"> 
 
             <label for="password" style= "text-align: center;">Password</label> 
 
             <input type="password" name="password" id="password" tabindex="2" class="form-control" placeholder="Password" autocomplete="off"> 
 
            </div> 
 

 
            <div class="form-group"> 
 
             <div class="row row-centered" style="padding-left:20px"> 
 
              <div class="col-xs-7"> 
 
               <input type="checkbox" tabindex="3" name="remember" id="remember"> 
 
               <label for="remember" style= "align: center;"> Remember Me</label> 
 
              </div> 
 
              </div> 
 
              <div class="row row-centered"> 
 
              <div class="col-xs-5" style="padding-left:75px"> 
 
               <input type="submit" name="login-submit" id="login-submit" tabindex="4" class="form-control btn btn-success" style="background-color: #6a0001;" value="Log In" align="middle"> 
 
              </div> 
 
             </div> 
 
            </div> 
 

 
            <div class="form-group"> 
 
             <div class="row"> 
 
              <div class="col-lg-12"> 
 
               <hr> 
 
               <div style="padding-left:10px"> 
 
                <a href="recover.php" tabindex="5" class="forgot-password" style = "color: black">Forgot Password?</a> 
 
               </div> 
 
               <hr> 
 
               <div style="padding-left:10px"> 
 
                <a href="NewAlumni.php" tabindex="5" class="forgot-password" style = "color: black">Register Account</a> 
 
               </div> 
 
               <hr> 
 
               <div style="padding-left:10px"> 
 
                <a href="adminlogin.php" tabindex="5" class="forgot-password" style = "color: black">Admin Login</a> 
 
               </div> 
 

 
              </div> 
 
             </div> 
 
            </div> 
 
            <input type="hidden" class="hide" name="token" id="token" value="a465a2791ae0bae853cf4bf485dbe1b6"> 
 
           </form> 
 
          </div>

来源

2017-04-15 b_g

+0

那是一个PHP错误或SQL错误?你能否包含实际的错误信息。尝试'打印“选择Alumni_ID,来自'Alumni'的密码WHERE Alumni_ID ='$ Alumni_ID'”;'在你的代码中,然后直接在SQL中运行输出语句。 – Manngo

+0

您正在使用mysql函数。他们贬值,并受到黑客攻击。改用mysqli函数。 –

+0

@SloanThrasher是正确的,但我看到他们正在混入'mysqli_'语句,这更糟糕。请参阅http://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php了解这可能会导致失败。 – Manngo

回答

-1

你没有定义什么VA可变结构$Aliumni_ID

$query = mysql_query("SELECT Alumni_ID, Password from 'Alumni' WHERE Alumni_ID='$Alumni_ID'");

一个不正确的,但工作的代码是

$query = mysql_query("SELECT Alumni_ID, Password from 'Alumni' WHERE Alumni_ID='".$_POST['Alumni_ID']."'");

来源

2017-04-15 00:16:05 Forbs

+0

“更合适的代码”是使用准备好的语句和查询参数。你在倡导SQL注入代码。 – David

+0

的确,这确实会导致注射的一个主要问题 – Forbs

相关问题

 相关问题