Php 无法使用正确的密码和用户名登录。作假_Php_Login

Php 无法使用正确的密码和用户名登录。作假

php login

Php 无法使用正确的密码和用户名登录。作假,php,login,Php,Login,当我登录时，即使密码和用户名是正确的，它也会保留错误数组（[0]=>该用户/密码组合不正确）用户名和密码处于活动状态且已存在。 login.php <?php include 'init.php'; if(empty($_POST) === false){ $username = $_POST['username']; $password = $_POST['pwd1']; if(empty($username)|| empty($password)) {

当我登录时，即使密码和用户名是正确的，它也会保留错误

数组（[0]=>该用户/密码组合不正确）

用户名和密码处于活动状态且已存在。 login.php

    <?php
include 'init.php';

if(empty($_POST) === false){
    $username = $_POST['username'];
    $password = $_POST['pwd1'];

if(empty($username)|| empty($password)) {
        echo 'You need to enter username and password';
    }
    else if(user_exists($username) === true){
        if(user_active($username) === true){

        $login = login($username, $password);
        if($login === false){
            $errors[] = 'That user/password combination is incorrect' ;

        } else{

            $_SESSION['user_id'] = $login;
            ob_end_clean();
            header('Location:forum.php');
            exit();
        }
    }
    else{$errors[] = 'You haven\'t activated your account!';}
    }
    else{$errors[] = 'We can\'t find that username. Have you registered?';}

    print_r($errors);

}
?>

<?php
function logged_in(){
    return (isset($_SESSION['user_id'])) ? true :false;
}
function user_exists($username){
    $username = sanitize($username);
    $sql = "SELECT COUNT(user_id) FROM `user` WHERE username = '$username'";
    $result = mysql_query( $sql);

    return (mysql_result($result,0) ==1) ? true : false;
}
function user_active($username){
    $username = sanitize($username);
    $sql ="SELECT COUNT(user_id) FROM `user` WHERE username = '$username' AND `active` = 1";
    $result = mysql_query( $sql);
    if ($result === false){
        return false;

    }
        return (mysql_result($result,0) ==1) ? true : false;
}
function user_id_from_username($username){
    $username = sanitize($username);
    $sql = "SELECT user_id FROM `user` WHERE username = '$username'";
    $result = mysql_query( $sql);
    if ($result === false){
        return false;

    }
    return mysql_result($result,0, 'user_id');
}
function login($username, $password){

    $username = sanitize($username);
    $password = md5($password);
    $query = mysql_query("SELECT COUNT(user_id) 
        FROM `user`
        WHERE username ='$username' AND pwd1 ='$password'");

    $row = mysql_fetch_row($query); 
    if($row[0]>0){
        return user_id;
        }else{
            return false;
            } 

}

?>

<?php
function sanitize($data){
    return mysql_real_escape_string($data);}
?>

<?php
ob_start();
session_start();

require 'connect.php';
require 'general.php';
require 'users.php';


$errors = array();
?>

users.php

    <?php
include 'init.php';

if(empty($_POST) === false){
    $username = $_POST['username'];
    $password = $_POST['pwd1'];

if(empty($username)|| empty($password)) {
        echo 'You need to enter username and password';
    }
    else if(user_exists($username) === true){
        if(user_active($username) === true){

        $login = login($username, $password);
        if($login === false){
            $errors[] = 'That user/password combination is incorrect' ;

        } else{

            $_SESSION['user_id'] = $login;
            ob_end_clean();
            header('Location:forum.php');
            exit();
        }
    }
    else{$errors[] = 'You haven\'t activated your account!';}
    }
    else{$errors[] = 'We can\'t find that username. Have you registered?';}

    print_r($errors);

}
?>

<?php
function logged_in(){
    return (isset($_SESSION['user_id'])) ? true :false;
}
function user_exists($username){
    $username = sanitize($username);
    $sql = "SELECT COUNT(user_id) FROM `user` WHERE username = '$username'";
    $result = mysql_query( $sql);

    return (mysql_result($result,0) ==1) ? true : false;
}
function user_active($username){
    $username = sanitize($username);
    $sql ="SELECT COUNT(user_id) FROM `user` WHERE username = '$username' AND `active` = 1";
    $result = mysql_query( $sql);
    if ($result === false){
        return false;

    }
        return (mysql_result($result,0) ==1) ? true : false;
}
function user_id_from_username($username){
    $username = sanitize($username);
    $sql = "SELECT user_id FROM `user` WHERE username = '$username'";
    $result = mysql_query( $sql);
    if ($result === false){
        return false;

    }
    return mysql_result($result,0, 'user_id');
}
function login($username, $password){

    $username = sanitize($username);
    $password = md5($password);
    $query = mysql_query("SELECT COUNT(user_id) 
        FROM `user`
        WHERE username ='$username' AND pwd1 ='$password'");

    $row = mysql_fetch_row($query); 
    if($row[0]>0){
        return user_id;
        }else{
            return false;
            } 

}

?>

<?php
function sanitize($data){
    return mysql_real_escape_string($data);}
?>

<?php
ob_start();
session_start();

require 'connect.php';
require 'general.php';
require 'users.php';


$errors = array();
?>

您没有将

$login

分配给

$\u会话['user\u id']

，因为您调用

die（$login）在此之前，与退出相同，之后不解析任何内容。改变顺序
并祈祷你的消毒功能发挥作用。无论如何，您最好切换到PDO，因为mysql_uu函数已被弃用且不安全。即使您清理了$\u POST和$\u GET，您仍然可以从数据库、解析的XML或其他源中选择恶意值。
仍然无法工作。我尝试使用PDO，但不适用于我。请检查您的login（）
函数返回的内容-如果有两条相同的记录，它将返回false。您不需要在login（）
中从\u用户名调用user\u id\u，因为您可以返回true而不是$user\u id
我从\u用户名中删除用户id\u。但还是出现了错误。数组（[0]=>该用户/密码组合不正确）至少您知道它是login（）
函数中的某个内容-只需检查它，您就会看到。在phpmyadmin中运行此查询以查看是否产生任何结果。phpmyadmin显示计数（用户id）=0。这意味着查询不正确？我从user
复制SELECT COUNT（user_id），其中username='$username'和pwd1='$password'