0
我有我的代碼有問題,當我加入這個登錄頁面允許任何密碼登錄PHP
的login.php
<?PHP session_start();
$_SESSION['email'] = $_POST['email'];
?>
<?php echo '<script>window.location = "http://somepage.com/"</script>'; ?>
我的登錄頁面允許任何密碼登錄,它顯示正確的電子郵件地址在我的主頁。但是當我刪除上面的代碼並鍵入任何密碼它不會讓我登錄我必須使用正確的密碼。爲什麼會發生?我真的需要上面的代碼工作,因爲那讓我登錄到受限制的頁面,這是我在有限的頁面上使用像profile.php
resctricted頁面,如profile.php
<?PHP
session_start();
if(!$_SESSION['email']){
header("Location: login");
die;
}
?>
<?PHP session_start();
$_SESSION['email'] = $_POST['email']; ?>
<?php echo '<script>window.location = "http://torcdesign.com/"</script>'; ?>
<?php
\t require_once("configur.php");
\t $mysqli = new mysqli(localhost, root, password, dbname);
\t # check connection
\t if ($mysqli->connect_errno) {
\t \t echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
\t \t exit();
\t }
$email=$_POST['email'];
$encrypt_password = $_POST['encrypt_password'];
$encrypt_password = hash("sha512",$encrypt_password);
\t $sql = "SELECT * from register_login WHERE email='$email' and encrypt_password='$encrypt_password'";
\t $result = $mysqli->query($sql);
\t if (!$result->num_rows == 1) {
\t \t echo "<p>Invalid username/password combination</p>";
\t } else {
\t \t echo "<p>Logged in successfully</p>";
\t \t // do stuffs
\t }
?> \t \t