任何人都可以幫助,我一直在試圖讓這個PHP代碼工作,有限的成功,它似乎在while語句中的else語句被忽略,我看過其他的例子,只是看不到我做錯了什麼。代碼在登錄表單中使用,不工作的部分是用戶輸入錯誤的密碼。我是PHP新手,這是一個大學任務。我還將包含登錄頁面的代碼。PHP雖然...如果語句不工作,似乎忽略ELSE
<?php
ob_start();
session_start();
error_reporting(0);
$username = $_POST['username'];
$password = $_POST['password'];
//sanitize username
$username = mysql_real_escape_string($username);
if($username&&$password) {
include 'db.php';
$query = mysql_query("SELECT id, username, password, salt
FROM member
WHERE username = '$username';");
$numrows = mysql_num_rows($query);
$result = mysql_query($query);
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$salt = $userData['salt'];
$hash = hash('sha256', $salt . hash('sha256', $password));
if ($numrows !=0) {
while ($rows = mysql_fetch_assoc($query))
{
$dbusername = $rows['username'];
$dbpassword = $hash;
if ($username===$dbusername&&$hash===$dbpassword)
{
$_SESSION['username']=$dbusername;
header("location: index.php?remarks=success");
}
else
{
header("location: index.php?remarks=incorrect");
}
}
}
else
header("location: index.php?remarks=register");
}
else
header("location: index.php?remarks=other");
?>
<html>
<head>
<title>Login Form</title>
</head>
<body>
<form method="post" action="code_index.php">
<table width="274" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td colspan="2">
<div align="center">
<?php
$remarks=$_GET['remarks'];
if ($remarks==null and $remarks=="")
{
echo "Login Here<br/> <a href='registration.php'>Or Click Here to Register.</a>";
}
if ($remarks=='register')
{
echo "That username Does not Exists.<br/><a href='registration.php'>Click Here to register.</a>";
}
if ($remarks=='incorrect')
{
echo "Incorrect Password.<br/>Please Re-enter Password";
}
if ($remarks=='success')
{
echo "Login Successful. <br/> <a href='membersarea.php'>Click Here to go to the Members Area.</a>";
}
if ($remarks=='other') {
echo "Please enter a Username and Password<br/><a href='registration.php'>Or Click Here to register.</a>";
}
?>
</div></td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username" placeholder="Enter your Username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" placeholder="Enter your Password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
你正在檢查兩件事情。如果'$ username === $ dbusername'總是匹配,因爲這就是你從數據庫中檢索行的方式。 '$ hash === $ dbpassword'總是匹配,因爲你正在分配前一行的值。 – andrewsi
試試'$ dbpassword = $ rows ['password']'作爲賦值? – andrewsi
另外你不需要任何時間 - 用戶名應該是唯一的。 – moonwave99