1. 首頁
  2. 問答
  3. 登錄頁面允許任何密碼登錄PHP

登錄頁面允許任何密碼登錄PHP

2016-08-19 92 views
0

我有我的代碼有問題,當我加入這個登錄頁面允許任何密碼登錄PHP

的login.php

<?PHP session_start(); 
$_SESSION['email'] = $_POST['email']; 

?> 
<?php echo '<script>window.location = "http://somepage.com/"</script>'; ?>

我的登錄頁面允許任何密碼登錄,它顯示正確的電子郵件地址在我的主頁。但是當我刪除上面的代碼並鍵入任何密碼它不會讓我登錄我必須使用正確的密碼。爲什麼會發生?我真的需要上面的代碼工作,因爲那讓我登錄到受限制的頁面,這是我在有限的頁面上使用像profile.php

resctricted頁面,如profile.php

<?PHP 
session_start(); 
if(!$_SESSION['email']){ 
header("Location: login"); 
die; 
} 
?> 


<?PHP session_start(); 
 
$_SESSION['email'] = $_POST['email']; ?> 
 

 
<?php echo '<script>window.location = "http://torcdesign.com/"</script>'; ?> 
 

 
<?php 
 
\t require_once("configur.php"); 
 
\t $mysqli = new mysqli(localhost, root, password, dbname); 
 
\t # check connection 
 
\t if ($mysqli->connect_errno) { 
 
\t \t echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; 
 
\t \t exit(); 
 
\t } 
 
    
 
$email=$_POST['email']; 
 

 

 
$encrypt_password = $_POST['encrypt_password']; 
 
$encrypt_password = hash("sha512",$encrypt_password); 
 
    
 
\t $sql = "SELECT * from register_login WHERE email='$email' and encrypt_password='$encrypt_password'"; 
 
\t $result = $mysqli->query($sql); 
 
\t if (!$result->num_rows == 1) { 
 
\t \t echo "<p>Invalid username/password combination</p>"; 
 
\t } else { 
 
\t \t echo "<p>Logged in successfully</p>"; 
 
\t \t // do stuffs 
 
\t } 
 

 
?> \t \t

來源

2016-08-19 ponyboy

回答

0

不要設置會話您檢查條件之前

<?PHP session_start(); ?> 

<?php echo '<script>window.location = "http://torcdesign.com/"</script>'; ?> 

<?php 
    require_once("configur.php"); 
    $mysqli = new mysqli(localhost, root, password, dbname); 
    # check connection 
    if ($mysqli->connect_errno) { 
     echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; 
     exit(); 
    } 

$email=$_POST['email']; 


$encrypt_password = $_POST['encrypt_password']; 
$encrypt_password = hash("sha512",$encrypt_password); 

    $sql = "SELECT * from register_login WHERE email='$email' and encrypt_password='$encrypt_password'"; 
    $result = $mysqli->query($sql); 
    if (!$result->num_rows == 1) { 
     echo "<p>Invalid username/password combination</p>"; 
    } else { 
     $_SESSION['email'] = $email; 
     echo "<p>Logged in successfully</p>"; 
     // do stuffs 
    } 

?>

來源

2016-08-19 03:52:22 sujivasagam

相關問題

 相關問題