小贝子编程

PHP 登录表单不会使用正确的凭据登录用户



>我有一个php表单,当用户使用不正确的凭据提交时,会收到适当的错误消息,但是当使用正确的凭据时,不会收到登录成功消息,只是相同的不正确凭据消息。我已经尝试过使用哈希密码,但没有运气。这是我的登录功能代码:

function login($username, $password) {
$host = 'localhost';
$user = 'jamaixan_bobsled';
$pass = 'v67fvg7gk_&g';
$db = 'db_for_site_67';
mysql_connect($host, $user, $pass);
mysql_select_db($db);
$connected = mysql_select_db($db);
$user_id = user_id_from_username ($username);
$password = md5($password);
return(mysql_result(mysql_query("SELECT COUNT(`id_user`) FROM `table_of_users` WHERE 
`email_user` = `$username` AND `password_user` = `$password`") , 0) == 1) ? $user_id : `false`;
    }

您不应该将用户名和密码值放在反引号中,而是将它们放在引号中。你甚至把false放在反引号中。像这样做: 

$result = mysql_query("SELECT COUNT(`id_user`) FROM `table_of_users` WHERE 
            `email_user` = '$username'  AND `password_user` = '$password'");
return  (mysql_num_rows($result)>0) ? $user_id : false;

我建议您使用 PDO,这是一种更安全的处理数据库请求的方法。 mysql_* 函数已弃用。

http://www.php.net/manual/en/book.pdo.php

使用 mysqli_* 或 pdo...MySQL 已弃用

function login($username, $password) 
{
    $cn = mysqli_connect('localhost', 'jamaixan_bobsled', 'v67fvg7gk_&g', 'db_for_site_67') or die('Connection error!');
    $SQL = "SELECT COUNT(id_user) FROM table_of_users WHERE email_user = '%s' AND password_user = '%s'";
    $Query = sprintf($SQL, mysqli_real_escape_string($username), md5($password));
    $Result = mysqli_query($cn, $Query) or die( mysqli_error($cn) );
    $Rows = mysqli_fetch_array($Result);
    return ( isset($Rows[0]) && ($Rows[0] > 0) );
}

function connectdb()
{
    $dbhost='localhost';
    $dbname='db_for_site_67';
    $dbuser="jamaixan_bobsled";
    $pwd="v67fvg7gk_&g";
    try
    {
        $db=mysql_connect($dbhost,$dbuser,$pwd);
        if($db)
        {
            try
            {
                $dbselect=mysql_select_db($dbname,$db); 
                if(!$dbselect)
                {
                    throw new Exception("Unable to select database: $dbname with error ". mysql_error());
                }
            }
            catch(Exception $e)
            {
                echo $e->getMessage();
            }  
        }
        else
        {
            throw new Exception("Unable to connect to database with error ". mysql_error());
        }
    }
    catch(Exception $e)
    {
        echo $e->getMessage();
    }
    return $db;
}

function login($username, $password) {
$user_id = user_id_from_username ($username);
$password = md5($password);
$conn1=connectdb();
$sql1="SELECT COUNT(`id_user`) FROM `table_of_users` WHERE `email_user` = $username AND `password_user` = $password";
$res1=mysql_query($sql1);
$res1=mysql_fetch_array($res1);
$res1=$res1['COUNT(`id_user`)'];
if($res1==1){
    echo "login sucessful";
} else {
    echo "login Failed";
}
    }

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium