Warning: file_get_contents(/data/phpspider/zhask/data//catemap/4/algorithm/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 不使用密码和用户名登录_Php - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 不使用密码和用户名登录

Php 不使用密码和用户名登录

php

Php 不使用密码和用户名登录,php,Php,我可以登录到我的用户页面和管理员页面,而无需提供密码和用户名。当选择usertype并单击login时,两者都会得到loggedin。这是我的login.php代码 <?php $servername="SERVER"; $username="USER"; $password="PWD"; $dbname="DB"; $conn = mysqli_connect($servername, $username, $password, $dbname); echo("conneciton");

我可以登录到我的用户页面和管理员页面,而无需提供密码和用户名。当选择usertype并单击login时,两者都会得到loggedin。这是我的login.php代码

<?php
$servername="SERVER";
$username="USER";
$password="PWD";
$dbname="DB";
$conn = mysqli_connect($servername, $username, $password, $dbname);
echo("conneciton");
if(isset($_POST['Login'])){
$user=$_POST['user'];
$pass = $_POST['pass'];
$usertype=$_POST['usertype'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' and usertype='".$usertype."'";
$result = mysqli_query($conn, $query);
if($result){
while($row=mysqli_fetch_array($result)){
echo'<script type="text/javascript">alert("you are login successfully and you are logined as ' .$row['usertype'].'")</script>';

}
if($usertype=="admin"){
?>
<script type="text/javascript">
window.location.href="index.php"</script>
<?php

}else{
?>
<script type="text/javascript">
window.location.href="user.php"</script>
<?php

}
}else{
echo 'no result';
}
}

?>


<html>

<head>
<!-- title and meta -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>admin</title>
   <!-- /title and meta -->
   <script src="js/jquery.js"></script>
    <!-- Bootstrap -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->

    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="js/bootstrap.min.js"></script>
     <link href="css/adminindex.css" rel="stylesheet"> 
</head>
<body class='bg-image'>
    <center><div class="col-md-4 col-sm-4 col-xs-10 formclass">
<form action="" method="post" name="Login_Form">
 <table>
<tr>
      <td colspan="2" align="left" valign="top"><h3>Login</h3></td>
    </tr>
    <tr>
<td  valign="top">Username:</td><td><input type="text" name="user" placeholder="enter your username"
 </td>
</tr>
<tr>
<td >Password:</td><td><input type="text" name="pass" placeholder="enter your password"</td>
</tr>
<tr>
<td>
Select user type:</td><td> <select name="usertype">

<option value="admin">admin</option>
<option value="user">user</option>
</select>
</td>
</tr>
<tr>
<td><input type="submit" name="Login" value="Login"></td>
</tr>
</table>
       </form>   </div>

 </center>
</body>
</html>


window.location.href=“index.php”
window.location.href=“user.php”
管理
登录
用户名:您的if语句


if($result){


始终为true,因为它包含查询而不是结果。因此,您将以所选的用户类型登录

调整数据库信息并尝试以下操作:


$conn = new mysqli("SERVER", "USER", "PWD", "DB");

if (!$conn->connect_error) {
  echo("connected");

  if(isset($_POST['Login'])){
    $user = $_POST['user'];
    $pass = $_POST['pass'];

    $query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' LIMIT 1";
    $result = $conn->query($query);
    $logged_user = $result->fetch_array(MYSQLI_ASSOC);
    $conn->close();

    if(is_array($logged_user) && $logged_user['username'] == $user)  {
      echo '<script type="text/javascript">alert("you are login successfully and you are logined as ' . $logged_user['usertype'] .'")</script>';
      if($logged_user['usertype'] == "admin"){
        echo '<script type="text/javascript">window.location.href="index.php"</script>';
      } else {
        echo '<script type="text/javascript">window.location.href="user.php"</script>';
      }
    } else {
    echo 'no result';
    }
  }
}



$conn=newmysqli(“服务器”、“用户”、“PWD”、“数据库”);
如果(!$conn->连接错误){
回声(“连接”);
如果(isset($_POST['Login'])){
$user=$_POST['user'];
$pass=$_POST['pass'];
$query=“从多用户登录中选择*,其中用户名=”“$user.”和密码=”“$pass.”“限制1”;
$result=$conn->query($query);
$logged_user=$result->fetch_数组(MYSQLI_ASSOC);
$conn->close();
if(is_数组($logged_user)&&&$logged_user['username']==$user){
echo“警报”(“您已成功登录,并已登录为“$logged_user['usertype']”);
如果($logged_user['usertype']==“admin”){
echo'window.location.href=“index.php”;
}否则{
echo'window.location.href=“user.php”;
}
}否则{
回应“没有结果”;
}
}
}



别忘了验证以防止SQL注入。
在您的表中签入一些空白用户名/密码数据。还可以使用
mysqli\u num\u rows()
检查结果计数。请在正确提交格式代码之前执行验证。请确保您有有效的代码,IDE可能会对您有所帮助。当前您的
。请阅读警告:您完全可以使用参数化的预处理语句,而不是手动生成查询。它们由或提供。永远不要相信任何形式的输入!即使您的查询仅由受信任的用户执行。切勿以明文或使用MD5/SHA1存储密码!仅存储使用PHP创建的密码哈希,然后可以使用进行验证。看看这篇文章:了解更多关于OP为什么要尝试这个?怎么了?您做了哪些更改?它正在工作,但用户和管理员都将编制索引。php如果您以用户身份登录,则警报的内容是什么?我得到的内容是“您已成功登录,您已以管理员身份登录”我也得到的内容是“您已成功登录,您已以管理员身份登录”