2014-01-28 94 views
-1

它不工作,我花了几个小时和一半的头发试图找出原因。我已经在我的HTML索引文件嵌入这个代码的形式:代码登录和数据库连接在PHP

我想创建登录和注销会话

我在MySQL数据库表中的代码看起来像这样

CREATE TABLE member (id int(10) NOT NULL auto_increment, userName varchar(50) NOT NULL, passWord varchar(50) NOT NULL, PRIMARY KEY (id)) ENGINE=MyISAM utf8_general_ci AUTO_INCREMENT=3 ; 

<?php 

    // Inialize session 

    session_start(); 
    // Include database connection settings 
    $hostname = 'localhost';  // Your MySQL hostname. Usualy named as 'localhost',  so you're NOT necessary to change this even this script has already  online on the internet. 
    $dbname = 'database'; // Your database name. 
    $username = 'root';    // Your database username. 
    $password = '';     // Your database password. If your database has no   password, leave it empty. 

    // Let's connect to host 
    mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed,  perhaps the service is down!'); 
    // Select the database 
     mysql_select_db($dbname) or DIE('Database name is not available!'); 


     // Retrieve username and password from database according to user's input 
    $userName=mysql_real_escape_string($_POST['username']); 
    $password=mysql_real_escape_string($_POST['password']); 
    $passWord=md5($password); // Encrypted Password 

     //*********retrieving data from Database********** 

     $query = "SELECT * FROM member WHERE userName='$userName' and passWord='$passWord'"; 
     //$login = mysqli_query("SELECT userName,password FROM 'member' WHERE userName=   $_post['username'] AND passWord= $_post['password'])"); 
     // Check username and password match 
     $res = mysql_query($query); 

     $rows = mysql_num_rows($res); 
     if ($rows==1) { 
     // Set username session variable 

     $_SESSION['userName'] = $_POST['username']; 

    // Jump to secured page 
     header("Location: securedpage.php"); 
    } 
    else { 
    // Jump to login page 
    echo "user name and password not found"; 
    } 
    exit; 
    ?> 

而登录它直接找到用户名和密码,甚至找不到用户名和密码,甚至用户名和密码都是正确的

+1

这应该很容易调试。你到目前为止做了哪些故障排除? –

+1

这里有很多红旗 - 'mysql_'弃用,纯文本密码存储,没有MySQL root密码等。我建议在谷歌搜索“PHP MySQL登录”之后从头开始重新考虑这个 – jterry

+0

@ jterry密码可能已被删除而不是把它粘贴到世界上去看......但是,这里有很多问题。 – naththedeveloper

回答

0

假定您只是将此用于学习目的而非实际应用

您应该检查你的数据库设置和照顾,所有的东西都在的地方,那么你需要从那里你会做后这个PHP文件的形式,这里是小更新:

<?php 

    session_start(); 
    $hostname = 'localhost'; 
    $dbname = 'yourdatabase'; 
    $username = 'root'; 
    $password = 'yourpassword'; 
    mysql_connect($hostname, $username, $password) or DIE('Connection to host isailed, perhaps the service is down!'); 
    mysql_select_db($dbname) or DIE('Database name is not available!'); 

    $userName=mysql_real_escape_string($_POST['username']); 
    $passWord=md5(mysql_real_escape_string($_POST['password'])); 
    $query = "SELECT id FROM member WHERE userName='$userName' and passWord='$passWord'"; 
    $res = mysql_query($query); 
    $rows = mysql_num_rows($res); 
    if ($rows==1) 
    { 
     $_SESSION['userName'] = $_POST['username']; 
     header("Location: securedpage.php"); 
    } 
    else 
    { 
     echo "user name and password not found"; 
     // TODO - replace message with redirection to login page 
     // header("Location: securedpage.php"); 
    } 

>

这应该工作,但要记住这个代码必须重新写上不同的方式,否则这一个有一个大的安全问题等。

在DB设置小幅盘整

CREATE TABLE member (id int(10) NOT NULL auto_increment, userName varchar(50) NOT NULL, passWord varchar(50) NOT NULL, PRIMARY KEY (id)) ENGINE=MyISAM; 
0

这里是代码....修改并尝试

<?php 
session_start(); 

$connect = mysql_connect('localhost', 'root', '') or die('Database could not connect'); 
$select = mysql_select_db('test', $connect) or die('Database could not select'); 

if (isset($_POST['submit'])) { 
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    chckusername($username, $password); 
} 

function chckusername($username, $password){ 

    $check = "SELECT * FROM login WHERE username='$username'"; 
    $check_q = mysql_query($check) or die("<div class='loginmsg'>Error on checking Username<div>"); 

    if (mysql_num_rows($check_q) == 1) { 
     chcklogin($username, $password); 
    } 
    else{ 
     echo "<div id='loginmsg'>Wrong Username</div>"; 
    } 
} 

function chcklogin($username, $password){ 

    $login = "SELECT * FROM login WHERE username='$username' and password='$password'"; 
    $login_q = mysql_query($login) or die('Error on checking Username and Password'); 

    if (mysql_num_rows($login_q) == 1){ 
     echo "<div id='loginmsg'> Logged in as $username </div>"; 
     $_SESSION['username'] = $username; 
     header('Location: member.php'); 
    } 
    else { 
     echo "<div id='loginmsg'>Wrong Password </div>"; 
     //header('Location: login-problem.php'); 
    } 
} 
?> 
+1

你能否详细说明你改变了什么,这样读者就不必做差异来找出问题所在? – Noumenon