php登录和数据库请求
我们有一个带有php post的表单,将通信重定向到数据库,我们想知道是否有一个简单的方法来检测失败的登录是否怀疑用户名不存在或密码不匹配。将每个错误作为单独的选项php登录和数据库请求,php,mysql,login,Php,Mysql,Login,我们有一个带有php post的表单,将通信重定向到数据库,我们想知道是否有一个简单的方法来检测失败的登录是否怀疑用户名不存在或密码不匹配。将每个错误作为单独的选项 <form id="form1" action="doLogin.php" method="post"> <div id="border2"> <table class="table_text" cellpadding="2" cellspacing="0" border="0">
<form id="form1" action="doLogin.php" method="post">
<div id="border2">
<table class="table_text" cellpadding="2" cellspacing="0" border="0">
<tr>
<td>Username:</td>
<td><input type="text" name="username" class="input" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" class="input" /></td>
</tr>
<tr>
<td colspan="2" align="right"><a target="_new" href="register.php">Register</a><input id="login_button" type="submit" name="submit" value="Login" class="button" /></td>
</tr>
</table>
</div>
</form>
用户名:
密码:
function protect($string){
$string = trim(strip_tags(addslashes($string)));
return $string;
}
if($_POST['submit']){
$username = protect($_POST['username']);
$password = protect($_POST['password']);
if(!$username || !$password){
//if not display an error message
echo "<script> alert('No data entered') </script>";
echo "<script type='text/javascript'>document.location.href='index.php';</script>";
}else{
//if the were continue checking
//select all rows from the table where the username matches the one entered by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$num = mysql_num_rows($res);
//check if there was not a match
if($num == 0){
//if not display an error message
echo "<script> alert('User does not exist') </script>";
echo "<script type='text/javascript'>document.location.href='index_spa.php';</script>";
}else{
//if there was a match continue checking
//select all rows where the username and password match the ones submitted by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
$num = mysql_num_rows($res);
//check if there was not a match
if($num == 0){
//if not display error message
echo "<script> alert('Invalid Password') </script>";
echo "<script type='text/javascript'>document.location.href='index.php';</script>";
}else{
//if there was continue checking
//split all fields fom the correct row into an associative array
$row = mysql_fetch_assoc($res);
//check to see if the user has not activated their account yet
if($row['active'] != 1){
//if not display error message
echo "<script> alert('Your account " . $username . " is not activated yet.') </script>";
echo "<script type='text/javascript'>document.location.href='index_spa.php';</script>";
}else{
//if they have log them in
//set the login session storing there id - we use this to see if they are logged in or not
$_SESSION['uid'] = $row['id'];
//show message
echo "<script type='text/javascript'>document.location.href='index.php?u=" . $username . "';</script>";
}
}
}
}
}
函数保护($string){
$string=trim(strip_标记(addslashes($string));
返回$string;
}
如果($_POST['submit'])){
$username=protect($_POST['username']);
$password=protect($_POST['password']);
如果(!$username | |!$password){
//如果没有,则显示错误消息
回显“警报('未输入数据')”;
echo“document.location.href='index.php';”;
}否则{
//如果要继续检查
//从表中选择用户名与用户输入的用户名匹配的所有行
$res=mysql_查询(“从`users`中选择*,其中`username`='.$username.”);
$num=mysql\u num\u行($res);
//检查是否有匹配项
如果($num==0){
//如果没有,则显示错误消息
回显“警报('用户不存在')”;
echo“document.location.href='index_spa.php';”;
}否则{
//如果有匹配项,请继续检查
//选择用户名和密码与用户提交的匹配的所有行
$res=mysql\u查询(“从'users'中选择*,其中'username`=''.$username.''和'password`='.$password.''”;
$num=mysql\u num\u行($res);
//检查是否有匹配项
如果($num==0){
//如果没有,则显示错误消息
回显“警报(‘无效密码’)”;
echo“document.location.href='index.php';”;
}否则{
//如果有,请继续检查
//将正确行的所有字段拆分为关联数组
$row=mysql\u fetch\u assoc($res);
//检查用户是否尚未激活其帐户
如果($row['active']!=1){
//如果没有,则显示错误消息
echo“警报('您的帐户“$username.”尚未激活。”);
echo“document.location.href='index_spa.php';”;
}否则{
//如果他们已经登录了
//设置登录会话并存储id-我们使用它来查看他们是否登录
$\会话['uid']=$row['id'];
//显示消息
echo“document.location.href='index.php?u=“.$username.”;”;
}
}
}
}
}
addslashes