1. 首頁
  2. 問答
  3. PHP雖然...如果語句不工作,似乎忽略ELSE

PHP雖然...如果語句不工作,似乎忽略ELSE

2013-12-13 50 views
-1

任何人都可以幫助,我一直在試圖讓這個PHP代碼工作,有限的成功,它似乎在while語句中的else語句被忽略,我看過其他的例子,只是看不到我做錯了什麼。代碼在登錄表單中使用,不工作的部分是用戶輸入錯誤的密碼。我是PHP新手,這是一個大學任務。我還將包含登錄頁面的代碼。PHP雖然...如果語句不工作,似乎忽略ELSE

<?php 
ob_start(); 
session_start(); 
error_reporting(0); 

$username = $_POST['username']; 
$password = $_POST['password']; 

//sanitize username 
$username = mysql_real_escape_string($username); 

if($username&&$password) { 
include 'db.php'; 
$query = mysql_query("SELECT id, username, password, salt 
    FROM member 
    WHERE username = '$username';"); 
$numrows = mysql_num_rows($query); 
$result = mysql_query($query); 

$userData = mysql_fetch_array($result, MYSQL_ASSOC); 
$salt = $userData['salt']; 
$hash = hash('sha256', $salt . hash('sha256', $password)); 


if ($numrows !=0) { 
    while ($rows = mysql_fetch_assoc($query)) 
    { 
     $dbusername = $rows['username']; 
     $dbpassword = $hash; 

     if ($username===$dbusername&&$hash===$dbpassword) 
     { 
      $_SESSION['username']=$dbusername; 
      header("location: index.php?remarks=success"); 
     } 
     else 
     { 
      header("location: index.php?remarks=incorrect"); 
     } 
    } 
} 
else 
header("location: index.php?remarks=register"); 

} 

else 
header("location: index.php?remarks=other"); 

?> 

<html> 
<head> 
    <title>Login Form</title> 
</head> 
<body> 


<form method="post" action="code_index.php"> 
<table width="274" border="0" align="center" cellpadding="2" cellspacing="0"> 
    <tr> 
     <td colspan="2"> 
      <div align="center"> 
       <?php 
       $remarks=$_GET['remarks']; 
        if ($remarks==null and $remarks=="") 
        { 
         echo "Login Here<br/> <a  href='registration.php'>Or Click Here to Register.</a>"; 
        } 
        if ($remarks=='register') 
        { 
         echo "That username Does not Exists.<br/><a href='registration.php'>Click Here to register.</a>"; 
        } 
        if ($remarks=='incorrect') 
        { 
         echo "Incorrect Password.<br/>Please Re-enter Password"; 
        } 
        if ($remarks=='success') 
        { 
         echo "Login Successful. <br/> <a href='membersarea.php'>Click Here to go to the Members Area.</a>"; 
        } 
        if ($remarks=='other') { 
         echo "Please enter a Username and Password<br/><a href='registration.php'>Or Click Here to register.</a>"; 
        } 
       ?> 
      </div></td> 
    </tr> 
    <tr> 
     <td>Username:</td> 
     <td><input type="text" name="username" placeholder="Enter your Username"></td> 
    </tr> 
    <tr> 
     <td>Password:</td> 
     <td><input type="password" name="password" placeholder="Enter your Password"></td> 
    </tr> 
    <tr> 
     <td></td> 
     <td><input type="submit" value="Login"></td> 
     </tr> 
</table> 
</form> 
</body> 
</html>

來源

2013-12-13 user3100375

+1

你正在檢查兩件事情。如果'$ username === $ dbusername'總是匹配,因爲這就是你從數據庫中檢索行的方式。 '$ hash === $ dbpassword'總是匹配,因爲你正在分配前一行的值。 – andrewsi

+0

試試'$ dbpassword = $ rows ['password']'作爲賦值? – andrewsi

+0

另外你不需要任何時間 - 用戶名應該是唯一的。 – moonwave99

回答

0

你需要從數據庫

分配DBPASSWORD 
//$dbpassword = $hash; //This is wrong

像這樣做。

$dbpassword = $rows['password']; 

    if ($username===$dbusername&&$hash===$dbpassword)

來源

2013-12-13 18:29:56

+0

謝謝,我錯過了,似乎我所做的只是比較用戶輸入的密碼與自己,因爲我一直盯着它看這麼久,我成了代碼盲目。總是很好,讓它的另一雙眼睛。謝謝大家,我會嘗試這些建議。 – user3100375

+0

$ dbusername = $ rows ['username']; $ dbpassword = $ hash; \t \t \t if($ username === $ dbusername && $ password === $ dbpassword) – user3100375

0

你可以試試這個,

 ob_start(); 
     session_start(); 
     error_reporting(0); 

     $username = $_POST['username']; 
     $password = $_POST['password']; 

     //sanitize username 
     $username = mysql_real_escape_string($username); 

     if(isset($username) && isset($password)) { 
     include 'db.php'; 
     $query = mysql_query("SELECT id, username, password, salt 
      FROM member 
      WHERE username = '$username' "); 
     $numrows = mysql_num_rows($query);   

     if ($numrows > 0) { 
      while ($rows = mysql_fetch_array($query)) 
      { 
       $dbusername = $rows['username']; 

       $salt = $rows['salt']; 
       $hash = hash('sha256', $salt . hash('sha256', $password)); 

       $dbpassword = $hash; 

       if ($username==$dbusername && $hash==$dbpassword) 
       { 
        $_SESSION['username']=$dbusername; 
        header("location: index.php?remarks=success"); 
       } 
       else 
       { 
        header("location: index.php?remarks=incorrect"); 
       } 
      } 
     }else{ 
      header("location: index.php?remarks=register"); 
     } 

    }else{ 
     header("location: index.php?remarks=other"); 
    }

來源

2013-12-13 18:32:03

相關問題

 相關問題