Fatal编程技术网
  • php/
  • PHP登录表单错误

PHP登录表单错误

php mysql loops login

PHP登录表单错误,php,mysql,loops,login,login-script,Php,Mysql,Loops,Login,Login Script,事情是这样的: 我创建了一个登录表单,用于检查用户是管理员还是成员 然后将它们重定向到正确的页面。 它运行良好 当用户输入错误的用户并通过时,问题开始出现 登录页面进入某种循环 我做错了什么 谢谢你的帮助 login.php: <?php session_start(); // Starting Session $error=''; // Variable To Store Error Message if (isset($_POST['submit'])) { if (empty($_P

事情是这样的: 我创建了一个登录表单,用于检查用户是管理员还是成员 然后将它们重定向到正确的页面。 它运行良好

当用户输入错误的用户并通过时,问题开始出现 登录页面进入某种循环

我做错了什么

谢谢你的帮助 login.php:

<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "חלק מהנתונים שסופקו, שגויים.";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
include "config.php";
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$tbl_name="users";
//$db = mysql_select_db($tbl_name, $conn);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from $tbl_name where userpassword='$password' AND username='$username'", $conn);
$rows = mysql_num_rows($query);
$dbdata = mysql_fetch_array($query) or die(mysql_error());

if ($rows == 1) {
$flag = $dbdata['admin'];
if ($flag == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: index.php"); // Redirecting To Other Page
} elseif($flag == 0){
$_SESSION['login_user']=$username; // Initializing Session
header("location: user.php"); // Redirecting To Other Page
} else{
session_destroy();
header("location: errorlog.php");
}}
mysql_close($conn); // Closing Connection
}}
?>
<!DOCTYPE html>
<html dir="rtl" lang="he">
<head>
<title>המסלקה| כניסת סוכנים</title>
<link href="../css/adminstyle.css" rel="stylesheet" type="text/css">
<link href="login.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>ברוכים הבאים</h1>
<div id="login">
<h2>מלא טופס זה על מנת להיכנס</h2>
<form action="" method="post">
<label>שם משתמש :</label>
<input id="name" name="username" placeholder="באותיות ומספרים" type="text">
<label>סיסמה :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" התחבר ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>

尝试使用头函数后退出,因为在重定向而不退出后,脚本将继续执行:


<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "חלק מהנתונים שסופקו, שגויים.";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
include "config.php";
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$tbl_name="users";
//$db = mysql_select_db($tbl_name, $conn);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from $tbl_name where userpassword='$password' AND username='$username'", $conn);
$rows = mysql_num_rows($query);
$dbdata = mysql_fetch_array($query) or die(mysql_error());

if ($rows == 1) {
$flag = $dbdata['admin'];
if ($flag == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: index.php");exit; // Redirecting To Other Page
} elseif($flag == 0){
$_SESSION['login_user']=$username; // Initializing Session
header("location: user.php");exit; // Redirecting To Other Page
} else{
session_destroy();
header("location: errorlog.php");exit;
}}
mysql_close($conn); // Closing Connection
}}
?>



您的用户名/密码不正确


if ($rows == 1) {


这将是错误的。
您捕获了不正确的标志,但此if语句上没有
else

如果您希望它破坏会话并转到错误页面,请添加


session_destroy();
header("location: errorlog.php");


为该组创建一个else。否则写入
$error
变量,例如:


$error='username or password not recognised';



检查用户是否不存在的错误检查是错误的。如果用户不存在,
mysql\u num\u rows($query)
返回
FALSE
。
在
if(row==1)
之后添加一个额外的
else
语句检查
$rows===false
并相应重定向

所以在你的if之前加上这个就足够了。(如果(行==1)
,则在
之前插入)


什么问题开始了?我们需要更好地描述您的问题。在浏览器开发者视图(Firefox else Chrome)中运行它查看网络面板,浏览器看到/做什么?

$error='username or password not recognised';



if($rows === false){
    session_destroy();
    header("location: errorlog.php");
}