登录验证密码/确认密码不起作用。 PHP/MySQL
问题描述:
出于某种原因,我的验证密码不工作在我的PHP。不知道这是命令还是我错过了一些东西。如果密码不正确,我希望它不允许用户登录。登录验证密码/确认密码不起作用。 PHP/MySQL
下面的HTML和PHP。
<HTML>
<HEAD>
<TITLE> Programming </TITLE>
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
<LINK REL="stylesheet" TYPE="text/css" href="homework2.css">
</HEAD>
<BODY>
<!-- CSS for http://the7.dream-demo.com/ -->
<div id="container">
<div id="header">
<div class="menuitem"> <a href="home.html">Home</a> </div>
<div class="menuitem"><a href="products.html">Products</a></div>
<div class="menuitem"><a href="cases.html">Case Studies</a></div>
<div class="menuitem"><a href="pricing.html">Pricing</a></div>
<div class="menuitem"><a href="aboutus.html">About Us</a></div>
</div>
<div id="bodycontent">
<div id="banner">
<div id="bannerleft"> <h1> We make you better athletes. Find out how! </h1> </div>
<div id="signin">
<form class="well form-inline" action="login.php" method="post">
<input type="text" class="input-small" placeholder="Email" name="email" >
<input type="password" class="input-small" placeholder="Password" name="password">
<br><br>
<!--
If you do not want to use twitter bootstrap css then you should uncomment next 6 lines and uncomment the
above 2 lines that provide input boxes
\t <label for="email">Email:</label>
\t <input type="text" name="email" id="email">
\t <br>
\t <label for="password">Password:</label>
\t <input type="password" name="password" id="password">
\t <br>
-->
<input type="submit" name="submit" id="logmein" value="Log In">
</form>
</div>
</div>
<div id="featurestrip">
<div id="signup">
<form action="signup.php" method="post">
<label for="firstname">Firstname:</label>
<input type="text" name="signup-firstname" id="signup-firstname">
<br>
<label for="lastname">Lastname:</label>
<input type="text" name="signup-lastname" id="signup-lastname">
<br>
<label for="email">Email: </label>
<input type="text" name="signup-email" id="signup-email">
<br>
<label for="password">Password:</label>
<input type="password" name="signup-password" id="signup-password">
<br>
<label for="password">Reconfirm Password:</label>
<input type="password" name="signup-repassword" id="signup-repassword">
<br><br>
<input type="submit" name="signmeup" id="signmeup" value="Sign Me Up!">
</form>
</div>
<div id="featureright"> <p>Sign up and find out more on how we can help. Pricing starts at $19.95 a month. </p>
<p><h3>Premium service starts at $49.95.</h3></p>
</div>
</div>
<div id="corefeatures">
<img height="200px" src="http://www.hockeymanitoba.ca/wp-content/uploads/2013/02/ltad-model.jpg">
</div>
<div id="testimonials"> Testimonial
<img height="200px" src="http://www.neuroexplosion.com/storage/development%20model%20jpeg.jpg?__SQUARESPACE_CACHEVERSION=1305662626397">
<img height="200px" src="http://www.phecanada.ca/sites/default/files/physical_literacy/LTAD_FMS.jpg">
</div>
<!--
<div id="portfolio"> Portfolio</div>
<div id="skills"> Skills</div>
-->
</div>
<div id="footer">Copyright Notice. All Rights Reserved. 2014</div>
</div>
</BODY>
</HTML>
PHP
<?php
$mysql_hostname = 'localhost';
$mysql_user = 'username';
$mysql_password = 'password';
$mysql_database = 'db_users2015';
$connect = mysql_connect($mysql_hostname, $mysql_user, $mysql_password)
or die ("Couldn't connect");
echo "<BR>Connection Successful";
//to put data into database
//select database
$db_selected= mysql_select_db($mysql_database, $connect)
or die ("Couldn't connect to the database");
$email= $_POST['email'];
$password= $_POST['password'];
$sql = "SELECT COUNT (*) FROM users WHERE email= '{$_POST['email']}' AND password= '{$_POST['password']}'";
$sql_result = mysql_query($sql);
if(["email"]==$email &&["password"]==$password)
echo ("Login Successful.");
else{
die("Wrong Password.");
}
$sql = "SELECT COUNT(*) FROM users WHERE email= '{$_POST['email']}'";
$sql_result = mysql_query($sql);
if (mysql_result($sql_result, 0)<1)
{
die("<BR>Email address not found");
}
else{
echo "Login Successful!";
}
?>
答
你已经在你的查询只COUNT(*)
选择从数据库,在那里的电子邮件和密码是你从形式,而不是收到了同样的列来比较,你也忘了mysql_fetch_assoc
从数据库中取行,试试这个:
$sql = sprintf("SELECT COUNT(*) as qty FROM users WHERE email= '%s' and password = '%s'", mysql_real_escape_string($_POST['email']), mysql_real_escape_string($_POST['password']));
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if ($row['qty']) {...
答
我没有收到,为什么你使用2个单独的查询来检查用户。但是,这是你的要求,所以我根据问题张贴了我的答案。
<?php
$mysql_hostname = 'localhost';
$mysql_user = 'username';
$mysql_password = 'password';
$mysql_database = 'db_users2015';
$connect = mysql_connect($mysql_hostname, $mysql_user, $mysql_password)
or die ("Couldn't connect");
echo "<BR>Connection Successful";
$db_selected= mysql_select_db($mysql_database, $connect) or die ("Couldn't connect to the database");
$email= $_POST['email'];
$password= $_POST['password'];
$QueryEmail = mysql_query("SELECT * FROM users WHERE email= '$email'");
$CountResultEmail=mysql_num_rows($QueryEmail);
if($CountResultEmail==1)
{
echo "Correct Email";
$QueryPassword=mysql_query("SELECT * FROM users WHERE email= '$email' AND password='$password'");
$CountResultPassword=mysql_num_rows($QueryPassword);
if($CountResultPassword==1)
{
echo "Login Successful";
}
else
{
echo "Wrong Password";
}
}
else
{
echo "Wrong Email";
}
?>
您可以在一个查询中检查电子邮件&密码。你也可以使用它。
<?
.
.
$email= $_POST['email'];
$password= $_POST['password'];
$QueryResult = mysql_query("SELECT * FROM users WHERE email= '$email' AND password='$password'");
$CountResult=mysql_num_rows($QueryResult);
if($CountResult==1)
{
echo "Login Successfull";
}
else
{
echo "Wrong Credentials";
}
?>
和昨天一样的音符。您正在测试的密码是否包含报价?还有什么是[[“email”]和'[“password”]'?如果'$ sql_result'为true,那么你不需要那么那么电子邮件和密码匹配。但不这样做,用户输入与查询分开。 – chris85
我看到你在那里提到,我改变了引用来匹配,今天再次感谢你的帮助chris85。我试图使用电子邮件和密码来匹配数据库中的电子邮件和密码,以确保它是正确的登录名。你是说我不需要在下面的部分添加这些变量?如果($ sql_result [“email”] == $ email && $ sql_result [“password”] == $ password) echo(“Login Successful。”); 其他{ die(“密码错误”); } – ruwadidr
是的,如果它在匹配的SQL中匹配,则不需要再次检查......但是不要将用户输入直接传递给你的SQL;并且不要以明文形式存储密码至少为md5。有更多的教程,线程和函数可供更好的方法使用。你应该更新到'mysqli'或'pdo'驱动程序。 – chris85