Warning: file_get_contents(/data/phpspider/zhask/data//catemap/6/xamarin/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
登录PHP未选择正确的用户_Php_Sql - Fatal编程技术网
Fatal编程技术网
  • php/
  • 登录PHP未选择正确的用户

登录PHP未选择正确的用户

php sql

登录PHP未选择正确的用户,php,sql,Php,Sql,所以,我的问题是,我不能用PHP中的登录脚本作为任何其他用户登录,它只选择表中的最后一行 <?php require_once('core/config.php'); if(isset($_POST['lSubmit'])) { $result = $mysqli->query("SELECT * FROM cms_users"); while($row = $result->fetch_object() ) { $username = $row

所以,我的问题是,我不能用PHP中的登录脚本作为任何其他用户登录,它只选择表中的最后一行

<?php
require_once('core/config.php');
if(isset($_POST['lSubmit'])) {
    $result = $mysqli->query("SELECT * FROM cms_users");
    while($row = $result->fetch_object() ) {
        $username = $row->username;
        $password = $row->password;
        $id = $row->id;
        $Rank = $row->Rank;
        $fail = "";
    }
    if($_POST['username'] == $username && hash("SHA512", "SHA512", $_POST['password'] + "QxLUF1bgIAdeQX") == $password) {
        $_SESSION['username'] = $username;
        $_SESSION['id'] = $id;
        header("Location: index.php?ID=$id&Username=$username");
    } else 
        header("Location: login.php?fail=true");
        $fail = "Username and/or password is wrong!";
   }
} else {
    header("Location: login.php");
    $fail = "Username and/or password is wrong!";
}
您的查询选择了几行:

$mysqli->query("SELECT * FROM cms_users");
您需要在表中选择用户名和密码已传递的用户。如果要提取记录,则该记录就是用户,否则是错误登录。

Myabe您可以这样尝试:

<?php
require_once('core/config.php');
if(isset($_POST['lSubmit'])) {
$result = $mysqli->query("SELECT * FROM cms_users where username='".$_POST['username']."'");
while($row = $result->fetch_object() ) {
    $username = $row->username;
    $password = $row->password;
    $id = $row->id;
    $Rank = $row->Rank;
    $fail = "";
}
if(hash("SHA512", "SHA512", $_POST['password'] . "QxLUF1bgIAdeQX") == $password) {
    $_SESSION['username'] = $username;
    $_SESSION['id'] = $id;
    header("Location: index.php?ID=$id&Username=$username");
} else 
    header("Location: login.php?fail=true");
    $fail = "Username and/or password is wrong!";
}
} else {
header("Location: login.php");
$fail = "Username and/or password is wrong!";
}
不应选择用户表中的所有用户。只要一个匹配的用户名就足够了

+在PHP中不是串联运算符,而是加法运算符。您需要执行$\u POST['password']。QxLUF1bgIAdeQX。这实际上破坏了所有的散列,因为两个非数字字符串加在一起等于零。当然是这样,在循环的每次迭代中都要设置用户名和密码。它们将始终包含DB查询返回的最后一个值。大括号的数量不均匀,关闭的大括号比打开的大括号多。如果将代码正确制表,则会在If$\u POST['username']上的else之后发现缺少一个打开的大括号==$username缺少第一个else的开头括号此示例对sql注入敞开->从用户名为“”的cms\u用户中选择*。$\u POST['username'.'。当使用mysqli时,没有理由在查询中直接使用用户数据,因为可以使用准备好的语句。php.net//manual/en/mysqli.prepare.php