PHP系統登錄錯誤

Question

我在登錄系統中遇到錯誤。我知道它有缺陷，僅用於學習目的。 所以問題是，即使我輸入正確的登錄信息，代碼只是到最後一行並拋出最後的else語句。任何想法爲什麼這樣做？

<?php 
 

 
session_start(); 
 

 
if (isset($_POST['submit'])) { 
 

 
include 'dbc.php'; 
 

 
$login = mysqli_real_escape_string($conn, $_POST['login']); 
 
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']); 
 

 

 
//error handler 
 
//check if inputs are empty 
 
if (empty($login) || empty($pwd)){ 
 
    header("Location: login.php?login=empty"); 
 
    exit(); 
 
} else { 
 
    $sql = "SELECT * FROM user WHERE name='$login'"; 
 
    $result = mysqli_query($conn, $sql); 
 
    $resultCheck = mysqli_num_rows($result); 
 
    if ($resultCheck < 1) { 
 
    header("Location: login.php?login=error1"); 
 
    exit(); 
 
    } else { 
 
    if ($row = mysqli_fetch_assoc($result)) { 
 
    //dehashing 
 
    $hashedPwdCheck = password_verify($pwd, $row['pwd']); 
 
    if ($hashedPwdCheck == false) { 
 
    header("Location: login.php?login=error2"); 
 
    exit(); 
 
    } elseif ($hashedPwdCheck == true) { 
 
    //Log in user 
 
    $_SESSION['s_id'] = $row['name']; 
 
    header("Location: index.php?login=success"); 
 
    exit(); 
 
    } 
 
    } 
 
    } 
 
} 
 
} else { 
 
header("Location: login.php?login=error3"); 
 
exit(); 
 
}

Answer 1

所以問題是，即使我已經正確輸入登錄信息 代碼只是進入到最後一行，並拋出了最後別的 聲明。

那麼它可能發生，你不必與submit名稱的按鈕，因此它進入到最後一行...一個解決方案，我能想到的是使用服務器的方法@Ivo p與建議，這是從他的回答延伸。

<?php 
    session_start(); 
    if ($_SERVER['REQUEST_METHOD'] == "POST") { 

     $login = $_POST['login']; 
     $pwd = $_POST['pwd']; 

     if (empty($login) || empty($pwd)) { 
      header("Location: login.php?login=empty"); 
      exit(); 
     } else { 

     } 

     $sql = "SELECT * FROM user WHERE name = ? LIMIT 1"; 
     $stmt = $conn->prepare($sql); 
     $stmt->bind_param('s', $login); 
     $stmt->execute(); 
     $result = $stmt->get_result(); 
     $row = $result->fetch_assoc(); 
     if (password_verify($pwd, $row['pwd'])) { 
      $_SESSION['s_id'] = $row['name']; 
      header("Location: index.php?login=success"); 
      exit(); 
     } else { 
      header("Location: login.php?login=error2"); 
      exit(); 
     } 
    } 
    ?> 

Answer 2

，如果你在最後else語句結束

，那麼第一個是否提供FALSE。

因此：你確定$_POST['submit']是否存在？

我寧願：

if('POST' == $_SERVER['REQUEST_METHOD']) 

而不是檢查一些按鈕的存在？值

Answer 3

這裏是你的代碼只是一些改變和糾正。

<?php 

    include 'dbc.php'; 
    session_start(); 

if (isset($_POST['submit'])) { 



    $login = mysqli_real_escape_string($conn, $_POST['login']); 
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']); 


     $sql   = "SELECT * FROM user WHERE name='$login'"; 
     $result  = mysqli_query($conn, $sql); 
     $resultCheck = mysqli_num_rows($result); 
     if ($resultCheck < 1) { 
      $msg = "<div class='error'><p>no such account found. please 
      register first</p></div>"; 
     } else { 
      if ($row = mysqli_fetch_assoc($result)) { 
       //dehashing 
       $hashedPwdCheck = password_verify($pwd, $row['pwd']); 
       if (!$hashedPwdCheck) { 
        $msg = "<div class='error'><p>password does not match 
          with account</p></div>"; 
       } else { 
        //Log in user 
        $_SESSION['s_id'] = $row['id']; 
        header("Location: index.php"); 
        exit(); 
       } 
      } 
     } 

?> 
<html> 
    <?php 
    //error message defined on the top 
    if(isset($msg)){ 

     echo $msg; 

    } 
    ?> 
    <form method="post"> 
     <input type="email" name="login" placeholder="your email address" 
     required> 
     <input type="password" name="pwd" placeholder="your password here" 
     required> 

     <button type="submit" name="submit"> Submit</button> 

    </form> 



</html> 

提醒：不要重定向時，其沒有必要儲存的結果有時會生成HTML結果在一個變量，看看PDO，使您的應用更簡單