1. 首页
  2. 问答
  3. 使用PHP和MySQL登录不起作用

使用PHP和MySQL登录不起作用

2014-06-08 39 views
1

我使用php和mysql创建登录表单。我的过程是,如果用户成功登录到那里的数据库,然后显示页面上的用户名。 这是我的数据库:使用PHP和MySQL登录不起作用

id | username | email |   password 
--------------------------------------------------------------------------------- 
1 | x  | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651 
2 | y  | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651 
3 | z  | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651 
4 | w  | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651

,我的代码是:

<?php 
define('INCLUDE_CHECK',true); 
require 'db.php'; 
session_name('flLogin'); 
session_set_cookie_params(2*7*24*60*60); 
session_start(); 
if($_SESSION['id'] && !isset($_COOKIE['flRemember']) && !$_SESSION['rememberMe']) 
{ 
    $_SESSION = array(); 
    session_destroy(); 
} 
if(isset($_GET['logoff'])) 
{ 
    $_SESSION = array(); 
    session_destroy(); 
    header("Location: index.php"); 
    exit; 
} 
if($_POST['submit']=='Login') 
{ 
    $err = array(); 
    if(!$_POST['email'] || !$_POST['password']) 
     $err[] = 'All the fields must be filled in!'; 
    if(!count($err)) 
    { 
      $hasspass=md5($_POST['password']); 
     $_POST['email'] = mysql_real_escape_string($_POST['email']); 
     $_POST['password'] = mysql_real_escape_string($_POST['password']); 
     $_POST['rememberMe'] = (int)$_POST['rememberMe']; 
     $row = mysql_fetch_assoc(mysql_query("SELECT id,username,email FROM database WHERE email='{$_POST['email']}' AND password='".$hasspass."'")); 
     if($row['email']) 
     { 
      $_SESSION['email']=$row['email']; 
      $_SESSION['id'] = $row['id']; 
      $_SESSION['username'] = $row['username']; 
      $_SESSION['rememberMe'] = $_POST['rememberMe']; 
      setcookie('flRemember',$_POST['rememberMe']); 
     } 
     else $err[]='Wrong email and/or password!'; 
    } 
    if($err) 
    $_SESSION['msg']['login-err'] = implode('<br />',$err); 
    header("Location: index.php"); 
    exit; 
} 
?> 
<html> 
<head> 
</head> 
<body> 
<div id="toppanel"> 
    <div id="panel"> 
     <div class="content clearfix"> 
      <?php 
      if(!$_SESSION['id']): 
      ?> 
      <div class="left"> 
       <form class="clearfix" action="" method="post"> 
        <?php 
         if($_SESSION['msg']['login-err']) 
         { 
          echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>'; 
          unset($_SESSION['msg']['login-err']); 
         } 
        ?> 
        <input class="field" type="email" name="email" id="email" placeholder="email" value="" size="23" /> 
        <input class="field" type="password" name="password" id="password" placeholder="password" size="23" /> 
        <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> &nbsp;Remember me</label> 
        <input type="submit" name="submit" value="Login" class="bt_login" /> 
       </form> 
      </div> 

      <?php 
      else: 
      endif; 
      ?> 
     </div> 
    </div> <!-- /login --> 


      <?php echo $_SESSION['id'] ? $_SESSION['username'] : ' ';?>   
       <a href="#"><?php echo $_SESSION['id']?'<a href="?logoff">Log off</a>':'Log In | Register';?></a> 


</body> 
</html>

它没有奏效。我没有发现错误。请有人帮助我。

来源

2014-06-08 Aiswarjya

+2

你是开放的[SQL注入攻击(HTTP://en.wikipedia .org/wiki/SQL_injection),并且您正在使用一个Deprecated API。请找到一个修复[这里](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1)。 –

+0

@ShankarDamodaran是我还是他正在使用mysql_real_escape_string?或者您不能重新编写$ _POST值 – Zerquix18

+0

@ Zerquix18,** Both **。您应该建议OP切换到“PDO/MySQLi”准备好的语句。 –

回答

0

试试这个:

$query = mysql_query("SELECT id,username,email FROM database WHERE email='{$_POST['email']}' AND password='".$hasspass."'"); 
if(mysql_num_rows($query) > 0) { 
    $row = mysql_fetch_assoc($query); 
    // save your $_SESSION values here... 
}else{ 
    $err[]='Wrong email and/or password!'; 
}

来源

2014-06-08 05:06:25 Zerquix18

0 
if($_POST['submit']=='Login')

改变这

if($_POST['submit'])

完蛋了

来源

2014-07-08 04:48:15

相关问题

 相关问题