这是完整的代码:
<?php
session_start();
session_regenerate_id(true);
require_once('connect.php');
require_once "lib.php";
require_once "utils.php";
$EmailAddress = mysqli_real_escape_string($link,htmlentities($_POST['EmailAddress']));
$Password = mysqli_real_escape_string($link,htmlentities($_POST['Password']));
$Fname = mysqli_real_escape_string($link,htmlentities($_POST['Fname']));
function login($result,$EmailAddress,$Password)
{
if($result)
{
if(mysqli_num_rows($result) == 1)
{
$email_exists = true;
$pass_exists = true;
if($pass_exists = true && $email_exists = true)
{
$_SESSION['active']=true;
$_SESSION['EmailAddress']=$EmailAddress;
//$_SESSION['Password']=$Password;
header("Location: myIndex.php");
exit();
}
}
else
echo "<div id='error'><h4>Error: Incorrect Password or Email</h4></div>";
}
}
function redirect_if_active()
{
header("Location: myIndex.php");
exit();
}
if(isset($_SESSION['active']) && $_SESSION['active'] ===true)
{
redirect_if_active();
}
// only processes login information if the submit button has been clicked
if (isset($_POST['submit'])) {
$sql="SELECT * FROM users WHERE EmailAddress ='$_POST[EmailAddress]' AND
Password ='$_POST[Password]'";
$result = mysqli_query($link,$sql);
login($result,$EmailAddress,$Password);
}
if(isset($_POST['signup'])){
header("Location: register.php");
exit();
}
?>
我的猜测是错误是$sql = 从用户中选择 * 的地方,但我不完全确定。我将输入电子邮件和密码,但它继续将我返回到登录页面。我不确定它为什么要这样做,但是一旦用户登录,它就需要转到"个人资料"页面。
$link = "somethingrelatedtoyourdb";
$EmailAddress = $_POST['EmailAddress'];
$Password = $_POST['Password'];
//$Fname = $_POST['Fname']; THIS IS NEVER POSTED
echo "<pre>";
print_r($_POST);
echo "</pre>";
function login($result,$EmailAddress,$Password)
{
if($result)
{
if(($result) == true)//TRUE AGAIN
{
//THIS MAKES NO SENSE
// $email_exists = true;
// $pass_exists = true;
//if($pass_exists = true && $email_exists = true)
// {
$_SESSION['active'] == true;
$_SESSION['EmailAddress'] == $EmailAddress;
//$_SESSION['Password']=$Password;
header("Location: myIndex.php");
exit();
// }
}
else
echo "<div id='error'><h4>Error: Incorrect Password or Email</h4></div>";
}
}
function redirect_if_active()
{
header("Location: myIndex.php");
exit();
}
if(isset($_SESSION['active']) && $_SESSION['active'] ===true)
{
redirect_if_active();
}
// only processes login information if the submit button has been clicked
if (isset($_POST['submit'])) {
$sql="SELECT * FROM users WHERE EmailAddress ='$EmailAddress' AND
Password ='$Password'";
print_r($sql);
// $result = mysqli_query($link,$sql); Ill make this true for a moment
$result = true;
login($result,$EmailAddress,$Password);
}
if(isset($_POST['signup'])){
header("Location: register.php");
exit();
}
?>
<html>
<head></head>
<body>
<div id='form'>
<form action='example.php' method='POST'>
<div id='email'>Email:</div>
<div id='email2'>
<input name='EmailAddress' type='email'/>
<br>
</div> Password: <input name='Password' type='password'/>
<br>
<input class="submit" name='submit' type='submit' value='Login'/>
<input class="submit2" name='signup' type='submit' value='SignUp!'/> </form>
</body></html>
你有很多问题,我马上就看到了
- 在您的 sql 查询中,此
$_POST[Password]
应$_POST['Password']
。 电子邮件地址也是如此。 这可能会解决您的查询,但请注意,将原始帖子数据传递给 mysql 是一个很大的安全问题。您已经将这些后置参数设置为转义变量。 您可以使用这些,但您应该查看准备好的语句以确保自己的安全。 -
这个块,有一个错误,也没有意义
$email_exists = true; $pass_exists = true; if($pass_exists = true && $email_exists = true)
它应该是
if($pass_exists == true && $email_exists == true)
或者更好
if($pass_exists && $email_exists)
但是,由于您在检查它们是否为真之前将这两个变量显式设置为 true,因此这将始终为 true。