Php 如何修复我的管理员登录代码_Php_Authentication_Login

Php 如何修复我的管理员登录代码

php authentication login

Php 如何修复我的管理员登录代码,php,authentication,login,Php,Authentication,Login,我想知道是否有人知道我的php代码有什么问题，以及我如何修复它。每次我尝试查看它是否有效，它只是告诉我信息不正确，请单击此处重试，但问题是我没有输入用户名或密码。它直接告诉我信息是错误的，然后再试一次。有人能帮我告诉我我的代码有什么问题吗 <?php session_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit();

我想知道是否有人知道我的php代码有什么问题，以及我如何修复它。每次我尝试查看它是否有效，它只是告诉我信息不正确，请单击此处重试，但问题是我没有输入用户名或密码。它直接告诉我信息是错误的，然后再试一次。有人能帮我告诉我我的代码有什么问题吗

    <?php
    session_start();
     if (isset($_SESSION["manager"])) {
        header("location: index.php"); 
         exit();
     }
    ?>
    <?php 
    // Parse the log in form if the user has filled it out and pressed "Log In"
    if (isset($_POST["username"]) && isset($_POST["password"])) {

        $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
            $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
           // Connect to the MySQL database  
           include "../storescripts/connect_to_mysql.php"; 
            $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
            // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
           if(mysql_num_rows($sql) >0); // count the row nums
               while($row = mysql_fetch_array($sql)){ 
                  $id = $row["id"];
             }
     $_SESSION["id"] = $id;
     $_SESSION["manager"] = $manager;
     $_SESSION["password"] = $password;
     header("location: index.php");
     exit();
} else {
    echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
    exit();
}
    ?>

您需要将if和else条件设置在正确的位置

试试这个

<?php
session_start();
 if (isset($_SESSION["manager"])) {
    header("location: index.php"); 
     exit();
 }

// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
        $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
       // Connect to the MySQL database  
       include "../storescripts/connect_to_mysql.php"; 
        $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
        // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
       if(mysql_num_rows($sql) >0); // count the row nums
           while($row = mysql_fetch_array($sql)){ 
             $_SESSION["id"] = $row["id"];
             $_SESSION["manager"] = $manager;
             $_SESSION["password"] = $password;
             header("location: index.php");
             exit();
           }
        }else{
            echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
            exit;
}

失败的是这一行代码：

if (isset($_POST["username"]) && isset($_POST["password"]))

您需要编写发布用户名和密码的HTML代码

另外，您可能打算将else条件放在SQL查询之后，如下所示：

 <?php
session_start();
 if (isset($_SESSION["manager"])) {
    header("location: index.php"); 
     exit();
 }
?>
<?php 
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
   // Connect to the MySQL database  
   include "../storescripts/connect_to_mysql.php"; 
    $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
   if(mysql_num_rows($sql) >0){ // count the row nums
       while($row = mysql_fetch_array($sql)){ 
         $id = $row["id"];
         $_SESSION["id"] = $id;
         $_SESSION["manager"] = $manager;
         $_SESSION["password"] = $password;
         header("location: index.php");
         }
        exit();
     }else{
        echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
    }   
} 
exit();
?>

…然后通过函数运行所有用户输入数据，如下所示：

$errors = array();
if (!empty($_POST['username'])) {//handle the user name input
    $user_name = clean_input($_POST['user_name']);
} else {//user_name not entered
    $errors[] = 'You forgot to enter a user name';
}
if (!empty($_POST['password'])) {//handle the password input
    $user_id = '';
    $password = clean_input($_POST['password']);
    $q = "SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1";
    $r = mysql_query($q);
    while ($row = @mysql_fetch_array($r)) {
        $id = $row["id"];
        $_SESSION["id"] = $id;
        $_SESSION["manager"] = $manager;
        $_SESSION["password"] = $password;
    }
} else {//password not entered
    $errors[] = 'You forgot to enter a password';
}
if(!empty($errors)){
echo '<h3 class="error">Error!</h3>
    <p class="error">The following error(s) occurred:<br/>';
    foreach($errors as $msg){
        echo " - $msg<br/>\n";
    }
echo '</p><p class="error">Please try again.</p>';  
}else{
            header("location: index.php");
}

因此，我假设您的代码名为login.php。所以不要用这个代码

else {
    echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
    exit();
}

实际上，您希望在这里返回html表单

else {
    echo '<form class="login-form"> .........';
    exit();
}

没问题……很高兴我能help@user3200510如果我的建议有效并且有帮助的话，你能接受我的回答吗。。。谢谢

else {
    echo '<form class="login-form"> .........';
    exit();
}