如何在PHP中检查登录?
我的登录有问题,当我输入正确的用户名和错误的密码时,结果应该不允许我登录,但在我的情况下,如果用户名和密码正确,则允许我登录应用程序 这是我的登录脚本如何在PHP中检查登录?,php,login,Php,Login,我的登录有问题,当我输入正确的用户名和错误的密码时,结果应该不允许我登录,但在我的情况下,如果用户名和密码正确,则允许我登录应用程序 这是我的登录脚本 <?PHP include_once("conn.php"); $user= $_POST['userName']; $password = mysqli_real_escape_string($_POST['password']); $qr="select password from user where
<?PHP
include_once("conn.php");
$user= $_POST['userName'];
$password = mysqli_real_escape_string($_POST['password']);
$qr="select password from user where userName='$user'";
$res=mysqli_query($con, $qr);
while($row=mysqli_fetch_array($res)){
$pass=$row[0];
}
$saltQuery = "select salt from user where userName = '$user'";
$result = mysqli_query($con , $saltQuery);
while($row=mysqli_fetch_array($result)){
$salt = $row[0];
}
$saltedPW = $password . $salt;
$hashedPW = hash('md5', $saltedPW);
if($pass==$hashedPW){
$query = "SELECT userName, password FROM user WHERE userName = '$user' AND password = '$hashedPW'";
$result = mysqli_query($con, $query);
if($result->num_rows > 0){
echo"success login ";
} else{
echo"failed login ";
}
尝试为登录页面执行以下操作
<?php
include("config.php");
if(isset($_POST['submit']))
{
echo $username= $_POST['username'];
echo $password= $_POST['password'];
$username = addslashes($username);
$password = addslashes($password);
$username = mysqli_real_escape_string($link, $username);
$password = mysqli_real_escape_string($link, $password);
$pass= md5($password);
$seladmin ="SELECT id,UserName,Password FROM login WHERE UserName='$username' && Password='$pass'";
$SelRecAdmin = mysqli_query( $link,$seladmin );
$row = mysqli_fetch_array($SelRecAdmin);
$tot_num_row=mysqli_num_rows($SelRecAdmin);
if($tot_num_row >0)
{
$_SESSION['adminid']=$row['id'];
$_SESSION['adminunm'] = $row['UserName'];
header('location:home.php');
exit;
}
else
{
$_SESSION['msg']= 'Invalid username or password';
header('location:index.php');
exit;
}
}
?>
我已经为您的问题制定了解决方案。我没有运行它,如果你有任何语法错误,请自己修复
**确保您的代码中没有相同的用户名,否则如果输入错误的密码,它将显示成功消息。(根据您的代码)
但是,即使您有多个具有相同用户名的条目,下面的代码也应该为您提供预期的结果**
<?PHP
include_once("conn.php");
$user= $_POST['userName'];
$password = mysqli_real_escape_string($_POST['password']);
$password = hashIt($password,$user);
$res=mysqli_query($con,"select * from user where userName='".$user."' AND password='".$password."'");
if(mysqli_num_rows($res) == 1){
echo "Login Successfull";
}else{
echo "Invalid Username/Password";
}
function hashIt($password,$user){
$result = mysqli_query($con,"select salt from user where userName = '".$user."'");
// No need to check other things, if query fails / no records found anyway it'll show login failure message.
while($row=mysqli_fetch_array($result)){
$salt = $row['salt'];
}
$saltedPW = $password . $salt;
return hash('md5', $saltedPW);
}
?>
您是否在数据库中为用户名设置了主键?看起来您有多个用户名和密码相同的记录首先,为什么不使用一个查询而不是三个查询来获取所有详细信息?您可能不应该编写自己的登录脚本,如果您自己甚至不具备分析此类问题的基本调试技能。请始终将id
设置为主值和自动增量。例如,一所大学可以有30个名为john的人。@AgamBanga,因为我从数据库检索散列的salt和密码,并将salt与用户插入的密码混合,如果存在匹配项,则应为登录。