我是PHP的新手,我正在尝试在不使用模板代码的情况下创建Login系统。 我连接到以下代码的注册表单完整地工作并将用户保存到我的数据库中没有任何问题。
现在,这是我的登录代码。我创建了几个用户来使用我的注册表单对其进行测试。 这就是我在PHP中所拥有的:
<?php
session_start();
include_once('classes/connection.php');
if(isset($_POST['username']))
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysqli_real_escape_string($link, $_POST['username']);
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '".$username."' AND password = '".$password."'");
if(mysqli_num_rows($checklogin) == 1)
{
$row = mysqli_fetch_array($checklogin);
$username = $row['username'];
$email = $row['email'];
$name = $row['name'];
$surname = $row['surname'];
$_SESSION['Username'] = $username;
$_SESSION['Email'] = $email;
$_SESSION['Name'] = $name;
$_SESSION['Surname'] = $surname;
$_SESSION['LoggedIn'] = 1;
header('location: index.php');
}
else
{
$feedback= "<p>Your account was not found, please try again.</p>";
}
} else
{
$feedback= "<p>Please fill in all the blank areas.</p>";
}
}
?>
此处是与此相关的HTML:
<article>
<?php if(isset($feedback)): ?> <!-- BEGIN FEEDBACK -->
<div id="feedback">
<?php echo $feedback ?>
</div>
<?php endif; ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<h2>Login</h2>
<table><tr>
<td>Username:</td>
<td><input size="10%" id="username" class="form-text" name="username"type="text"/></td></tr>
<tr>
<td>Password:</td>
<td><input size="10%" id="password" class="form-text" name="password" type="password"/></td>
</tr>
<tr>
<td></td>
<td><input name="loginknop" type="submit" value="Login" />
<a href="register.php">No account? Click here!</a></td>
</tr></table>
</form>
</article>
对我来说,这一切似乎都是正确的,并且能够发挥作用。但是,每次我测试此登录时,例如:USERNAME:TEST和PASSWORD:TEST123(已经在我的数据库中,作为潜在用户),我得到我的反馈说:“您的帐户未找到,请尝试再次。”
所以我的问题是: 1)我该如何解决这个问题?我相信我的代码是正确的,但我不知道为什么它一直告诉我我的帐户不存在。
2)关于如何改进或缩短此代码的建议也很受欢迎,我很想学习
答案 0 :(得分:1)
您只需要在php文件中添加一些调试代码行,这样就可以找到问题所在。
例如:
if(!empty($_POST['username']) && !empty($_POST['password']))
{
echo "You entered: username={$_POST['username']}, password={$_POST['password']}<br>";
$username = mysqli_real_escape_string($link, $_POST['username']);
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
echo "Your username after escaping: {$username}<br>";
echo "Your password after scaping and MD5: {$password}<br>";
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '".
$username."' AND password = '".$password."'");
echo "Count of users with the same username and password = " . mysqli_num_rows($checklogin);
$checkusername = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '". $username."'");
echo "Count of users with the same username = " . mysqli_num_rows($checkusername);
$checkpass = mysqli_query($link, "SELECT * FROM tblusers WHERE password = '". $password."'");
echo "Count of users with the same password md5 = " . mysqli_num_rows($checkpass);
if(mysqli_num_rows($checklogin) == 1)
{
$row = mysqli_fetch_array($checklogin);
$username = $row['username'];
$email = $row['email'];
$name = $row['name'];
$surname = $row['surname'];
$_SESSION['Username'] = $username;
$_SESSION['Email'] = $email;
$_SESSION['Name'] = $name;
$_SESSION['Surname'] = $surname;
$_SESSION['LoggedIn'] = 1;
//header('location: index.php'); <-- comment it to see debug info
}
之后你可以看到问题所在。我现在看到的可能是:
P.S。如果它对您没有帮助,请在此处发布您登录后获得的所有这些回声的输出!
答案 1 :(得分:0)
这一行:
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
将您输入的数据带入屏幕TEST123
并为其创建MD5
哈希值。
所以它看起来像这样:
22b75d6007e06f4a959d1b1d69b4c4bd
因此,如果您说您的数据库有
username = 'TEST'
password = "TEST123'
进行查询时
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '$username' AND password = '$password' ");
$password will = 22b75d6007e06f4a959d1b1d69b4c4bd
但是tabuser.password将='TEST123',因此不会选择该行!