Php 登录脚本未登录
我还不能完全理解oop,所以我现在还是坚持使用过程编码 好的,脚本的注册和身份验证部分可以工作,它是登录的,我不确定我的错误在哪里Php 登录脚本未登录,php,mysql,login,Php,Mysql,Login,我还不能完全理解oop,所以我现在还是坚持使用过程编码 好的,脚本的注册和身份验证部分可以工作,它是登录的,我不确定我的错误在哪里 <?php include ('database_connection.php'); if (isset($_POST['formsubmitted'])) { // Initialize a session: session_start(); $error = array();//this aaray will store all error m
<?php
include ('database_connection.php');
if (isset($_POST['formsubmitted']))
{
// Initialize a session:
session_start();
$error = array();//this aaray will store all error messages
if (empty($_POST['e-mail']))
{
//if the email supplied is empty
$error[] = 'You forgot to enter your Email ';
}
else
{
if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail']))
{
$Email = $_POST['e-mail'];
}
else
{
$error[] = 'Your EMail Address is invalid ';
}
}
if (empty($_POST['Password']))
{
$error[] = 'Please Enter Your Password ';
}
else
{
$Password = $_POST['Password'];
}
if (empty($error))//if the array is empty , it means no error found
{
$query_check_credentials = "SELECT * FROM users WHERE (email ='$Email' AND cpassword='$Password') AND code IS NULL";
$result_check_credentials = mysqli_query($dbc, $query_check_credentials);
if(!$result_check_credentials)
{
//If the QUery Failed
echo 'Query Failed ';
}
if (@mysqli_num_rows($result_check_credentials) == 1)
//if Query is successfull A match was made.
{
$_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);//Assign the result of this query to SESSION Global Variable
header("Location: page.php");
}
else
{
$msg_error= 'Either Your Account is inactive or Email address /Password is Incorrect';
}
}
else
{
echo '<div class="errormsgbox"> <ol>';
foreach ($error as $key => $values)
{
echo '<li>'.$values.'</li>';
}
echo '</ol></div>';
}
if(isset($msg_error))
{
echo '<div class="warning">'.$msg_error.' </div>';
}
/// var_dump($error);
mysqli_close($dbc);
} // End of the main Submit conditional.
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org /TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Form</title>
<style type="text/css">
body {
font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif;
font-size:12px;
}
.registration_form {
margin:0 auto;
width:500px;
padding:14px;
}
label {
width: 10em;
float: left;
margin-right: 0.5em;
display: block
}
.submit {
float:right;
}
fieldset {
background:#EBF4FB none repeat scroll 0 0;
border:2px solid #B7DDF2;
width: 500px;
}
legend {
color: #fff;
background: #80D3E2;
border: 1px solid #781351;
padding: 2px 6px
}
.elements {
padding:10px;
}
p {
border-bottom:1px solid #B7DDF2;
color:#666666;
font-size:11px;
margin-bottom:20px;
padding-bottom:10px;
}
a{
color:#0099FF;
font-weight:bold;
}
/* Box Style */
.success, .warning, .errormsgbox, .validation {
border: 1px solid;
margin: 0 auto;
padding:10px 5px 10px 60px;
background-repeat: no-repeat;
background-position: 10px center;
font-weight:bold;
width:450px;
}
.success {
color: #4F8A10;
background-color: #DFF2BF;
background-image:url('images/success.png');
}
.warning {
color: #9F6000;
background-color: #FEEFB3;
background-image: url('images/warning.png');
}
.errormsgbox {
color: #D8000C;
background-color: #FFBABA;
background-image: url('images/error.png');
}
.validation {
color: #D63301;
background-color: #FFCCBA;
background-image: url('images/error.png');
}
</style>
</head>
<body>
<form action="login.php" method="post" class="registration_form">
<fieldset>
<legend>Login Form </legend>
<p>Enter Your username and Password Below </p>
<div class="elements">
<label for="name">Email :</label>
<input type="text" id="e-mail" name="e-mail" size="25" />
</div>
<div class="elements">
<label for="Password">Password:</label>
<input type="password" id="Password" name="Password" size="25" />
</div>
<div class="submit">
<input type="hidden" name="formsubmitted" value="TRUE" />
<input type="submit" value="Login" />
</div>
</fieldset>
</form>
Go Back to <a href="#">Account Verification on sign up</a>
</body>
</html>
首先:您应该转义mysql输入
$query_check_credentials = "SELECT * FROM users WHERE (email ='$Email' AND cpassword='$Password') AND code IS NULL";
应该是
$query_check_credentials = "SELECT * FROM users WHERE (email =".mysqli_real_escape_string($Email)." AND cpassword=".mysqli_real_escape_string($Password).") AND code IS NULL";
其次,我很确定你不应该这样做
$_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);
但更像是
$_SESSION['userdata'] = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);
$\u会话['Username']可能来自设置它的早期代码。好吧,这是一个很长的过程,可能需要一些修改才能使其工作,但可能尝试更改
if (@mysqli_num_rows($result_check_credentials) == 1)
//if Query is successfull A match was made.
{
$_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);//Assign the result of this query to SESSION Global Variable
header("Location: page.php");
}
ob_start();
session_start();
if(!isset($_SESSION['Username'])){
header("Location: login.php");
}
到
然后,在“成员”页面上,尝试更改
if (@mysqli_num_rows($result_check_credentials) == 1)
//if Query is successfull A match was made.
{
$_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);//Assign the result of this query to SESSION Global Variable
header("Location: page.php");
}
ob_start();
session_start();
if(!isset($_SESSION['Username'])){
header("Location: login.php");
}
到
哇,试着只发布相关的代码示例,而不是整个文件…它会产生什么错误?您不应该用这种方式覆盖$\u SESSION Global
$\u SESSION=mysqli\u fetch\u array
您应该循环sql结果,特别是添加会话键/值。还有标题(“Location:login.php”)后面的任何代码代码>将被执行,您需要添加模具;在标题重定向之后,您是否真的在表中以纯文本形式存储密码?Unescaped$password
变量也是一个非常好的注入向量。我理解普通密码的风险,但是,读取此特定信息的服务器没有内置md5。所以,我只限于平原。它给出的错误是登录/密码不正确。如果是的话,我就不能注册然后验证它了。此外,成员页面是重定向回登录时出错的页面。我唯一能想到的是用户名是不正确的会话处理程序。因此,如果我将$\u会话['userdata']设置为数据库中的匹配字段,它应该可以工作吗?或者我应该选择特定的领域?为了获得用户id,我在它前面还有两个字段。具体来说:Innitime,id,cid,其中Innitime指定给后台服务器,id是每个成员更新的个人隐藏id,cid是他们需要登录的特定id。在我的示例中,id将位于$\u会话['userdata']['id']
中。
ob_start();
session_start();
if( !isset($_SESSION['Username']) && !isset($_SESSION['userdata']) ){
header("Location: login.php");
}