If statement check not being applied in PHP function when executing a MySQL query

Tags: php, mysql, sql, if-statement

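After signing up on my website, the activation link sets the "activated" field in the table from 0 to 1. So unless the user clicks the activation link, he/she should not be able to log in, but for some reason the login function still executes and the activation is of no use. I even tried an AND condition in the query, but to no avail. Could someone please help me with the code?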

function login()
{   

if(isset($_POST['submit']))

{

    $db = new Connection(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    if($username == '')
    {
        setMessage('Sorry you did not enter a username.', 0);
        header('Location: '.BASE_URL.'dashboard/login');
        exit;
    }
    elseif($password == '')
    {
        setMessage('Sorry, you did not enter a password.', 0);
        header('Location: '.BASE_URL.'dashboard/login');
        exit;
    }
    else
    {
        $result = $db->query('
        SELECT ID, name, email, password, type, activated, suspended, count
        FROM users
        WHERE email = "'.$username.'"
        LIMIT 1
        ');

        $totalRows = mysql_num_rows($result);

        if($totalRows == 1)
        {
            while($row = mysql_fetch_assoc($result))
            {
                if(verifyPassword($password, $row['password']) == TRUE)
                {
                    if($row['activated'] == 0)
                    {
                        setMessage('You have not activated your account.', 0);
                        header('Location: '.BASE_URL.'dashboard/login');
                        exit;
                    }

                    if($row['suspended'] == 1)
                    {
                        setMessage('Your account is suspended. You may request to have your account restored by sending us a message on the Contact us page of newtongrads.com.', 0);

                        header('Location: '.BASE_URL.'dashboard/login');
                        exit;
                    }

                    if($row['type'] != 'ADMIN')
                    {
                        setMessage('You don\'t have enough privileges to access this page.', 0);
                        header('Location: '.BASE_URL.'dashboard/login');
                        exit;
                    }
                    else
                    {
                        $_SESSION['admin']['sessionID'] = base64_encode(date('Ymdhis'));
                        $_SESSION['admin']['userID'] = $row['ID'];
                        $_SESSION['admin']['email'] = $row['email'];
                        $_SESSION['admin']['type'] = $row['type'];
                        $_SESSION['admin']['fullName'] = getName($row['ID']);
                        $_SESSION['admin']['profileImage'] = $row['ID'];

                        setcookie('username', $username, time() + (86400 * 7));

                        //setcookie('password', $password, time() + (86400 * 7));

                        //$row['type'];

                        $query = 'UPDATE users
                        SET count = "'.($row['count']+1).'"
                        WHERE ID = "'.$row['ID'].'"';

                        $db->query($query);

                        setMessage('Successfully logged in.', 1);
                        header('Location: '.BASE_URL.'dashboard/home');
                        exit;
                    }
                }
                else
                {
                    setMessage('Sorry, you have entered an incorrect password.', 0);
                    header('Location: '.BASE_URL.'dashboard/login');
                    exit;
                }
            }
        }
        else
        {
            setMessage('Sorry, no user exists with that username.', 0);
            header('Location: '.BASE_URL.'dashboard/login');
            exit;
        }
    }
}
}
Use this code. This should work.

<?php

function login()
{
if(isset($_POST['submit']))
{
    $db = new Connection(DB_HOST, DB_USER, DB_PASS, DB_NAME);

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    if($username == '')
    {
        setMessage('Sorry you did not enter a username.', 0);
        header('Location: '.BASE_URL.'dashboard/login');
        exit;
    }
    elseif($password == '')
    {
        setMessage('Sorry, you did not enter a password.', 0);
        header('Location: '.BASE_URL.'dashboard/login');
        exit;
    }
    else
    {
        $result = $db->query('
        SELECT ID, name, email, password, type, activated, suspended, count
        FROM users
        WHERE email = "'.$username.'"
        LIMIT 1
        ');

        $totalRows = mysql_num_rows($result);

        if($totalRows == 1)
        {
            while($row = mysql_fetch_assoc($result))
            {
                if(verifyPassword($password, $row['password']) == TRUE)
                {
                    $activated = $row['activated'];
                    if($activated == 0)
                    {
                        setMessage('You have not activated your account.', 0);
                        header('Location: '.BASE_URL.'dashboard/login');
                        exit;
                    }

                    if($row['suspended'] == 1)
                    {
                        setMessage('Your account is suspended. You may request to have your account restored by sending us a message on the Contact us page of newtongrads.com.', 0);
                        header('Location: '.BASE_URL.'dashboard/login');
                        exit;
                    }

                    if($row['type'] != 'ADMIN')
                    {
                        setMessage('You don\'t have enough privileges to access this page.', 0);
                        header('Location: '.BASE_URL.'dashboard/login');
                        exit;
                    }
                    else
                    {
                        $_SESSION['admin']['sessionID'] = base64_encode(date('Ymdhis'));
                        $_SESSION['admin']['userID'] = $row['ID'];
                        $_SESSION['admin']['email'] = $row['email'];
                        $_SESSION['admin']['type'] = $row['type'];
                        $_SESSION['admin']['fullName'] = getName($row['ID']);
                        $_SESSION['admin']['profileImage'] = $row['ID'];

                        setcookie('username', $username, time() + (86400 * 7));

                        //setcookie('password', $password, time() + (86400 * 7));

                        //$row['type'];

                        $query = 'UPDATE users
                        SET count = "'.($row['count']+1).'"
                        WHERE ID = "'.$row['ID'].'"';

                        $db->query($query);

                        setMessage('Successfully logged in.', 1);
                        header('Location: '.BASE_URL.'dashboard/home');
                        exit;
                    }
                }
                else
                {
                    setMessage('Sorry, you have entered an incorrect password.', 0);
                    header('Location: '.BASE_URL.'dashboard/login');
                    exit;
                }
            }
        }
        else
        {
            setMessage('Sorry, no user exists with that username.', 0);
            header('Location: '.BASE_URL.'dashboard/login');
            exit;
        }
    }
}
}
?>

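In addition to posting a solution, you should also try to explain why it wasn't working. Otherwise the OP can easily make the same mistake again without knowing how to fix it.

@Mark thanks for the suggestion. Actually the OP is accessing $row['activated'] directly in the if condition, which is a logical error due to precedence, so I have stored the result in a variable and then executed the if condition, which should work fine!

I got -1 for answering a question? I'm new to this community, but you guys seem pretty rude.

@PavanJiwnani thanks, but it's still not working. It logs in directly, but it should execute the last else.

Ohk, you have used if conditions rather than elseif. Please replace all the inner if conditions with elseif, otherwise it will only check the type, and if it is not admin then it will log in to the system.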
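An added example, not part of the original thread or any poster's code: the same check order as the posted login() (password, activated, suspended, type), written as a fail-closed function with a bound query parameter so each outcome can be exercised directly. loginDecision(), the example.test addresses and the in-memory SQLite table are constructed for illustration; it assumes the pdo_sqlite extension and password_hash()-style hashes in place of the thread's verifyPassword().

```php
<?php
// Added example: loginDecision() and the rows below are constructed, not from the thread.

/** Returns 'ok' or the reason the login is refused. */
function loginDecision(PDO $pdo, string $email, string $password): string
{
    // Bound parameter instead of concatenating input into the SQL text.
    $stmt = $pdo->prepare(
        'SELECT ID, password, type, activated, suspended
           FROM users WHERE email = :email LIMIT 1'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The raw password goes to password_verify(); SQL escaping could alter it.
    if ($row === false || !password_verify($password, $row['password'])) {
        return 'bad_credentials';
    }
    // Fail closed: only an explicit 1 counts as activated, so NULL, '' or an
    // unexpected value refuses the login instead of slipping through.
    if ((int) $row['activated'] !== 1) {
        return 'not_activated';
    }
    if ((int) $row['suspended'] !== 0) {
        return 'suspended';
    }
    if ($row['type'] !== 'ADMIN') {
        return 'not_admin';
    }
    return 'ok';
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY, email TEXT, password TEXT,
            type TEXT, activated INTEGER, suspended INTEGER)');
$ins = $pdo->prepare('INSERT INTO users (email, password, type, activated, suspended)
                      VALUES (?, ?, ?, ?, ?)');
$hash = password_hash('s3cret-example', PASSWORD_DEFAULT);
$ins->execute(['new@example.test',    $hash, 'ADMIN', 0, 0]); // never activated
$ins->execute(['active@example.test', $hash, 'ADMIN', 1, 0]); // may log in
$ins->execute(['banned@example.test', $hash, 'ADMIN', 1, 1]); // suspended

foreach (['new', 'active', 'banned', 'nobody'] as $who) {
    echo $who, ': ', loginDecision($pdo, "$who@example.test", 's3cret-example'), PHP_EOL;
}
```

On 'ok', call session_regenerate_id(true) before writing to $_SESSION; every other return value maps to one of the redirect messages in the posted code.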