1. 首頁
  2. 問答
  3. PHP登錄用戶名錯誤

PHP登錄用戶名錯誤

2017-04-15 160 views
-1

我正在爲登錄寫代碼。我從另一個資源獲取了代碼。一切似乎都沒有問題,但它始終告訴我Alumni_ID(用戶名)不存在 - 即使它已經存在。PHP登錄用戶名錯誤

的登錄PHP代碼:

<?php 
 
    error_reporting(E_ALL); ini_set('display_errors', 1); 
 

 
$servername = getenv('IP'); 
 
$username = getenv('C9_USER'); 
 
$password = ""; 
 
$database = "c9"; 
 
$dbport = 3306; 
 
    $conn = mysqli_connect($servername,$username,"",$database,$dbport) or die(mysqli_error()); 
 
    if($_SERVER["REQUEST_METHOD"] == "POST"){ 
 
\t 
 
\t 
 
\t $query = mysql_query("SELECT Alumni_ID, Password from 'Alumni' WHERE Alumni_ID='$Alumni_ID'"); //Query the Alumni table if there are matching rows equal to $Alumni_ID 
 
\t 
 
\t $exists = mysql_num_rows($query); //Checks if Alumni_ID exists 
 
\t $table_Alumni = ""; 
 
\t $table_Password = ""; 
 
\t 
 
\t if($exists = 0) //IF there are no returning rows or no existing Alumni_ID 
 
\t 
 
\t  { 
 
       \t \t while($row = mysql_fetch_assoc($query)) //display all rows from query 
 
       \t \t { 
 
       \t \t \t $table_Alumni_ID = $row['Alumni_ID']; // the first Alumni_ID row is passed on to $table_Alumni, and so on until the query is finished 
 
       \t \t \t $table_Password = $row['Password']; // the first Password row is passed on to $table_Alumni, and so on until the query is finished 
 
       \t \t } 
 
       \t \t if(($Alumni_ID == $table_Alumni_ID) && ($Password == $table_Password)) // checks if there are any matching fields 
 
       \t \t { 
 
       \t \t \t \t if($Password == $table_Password) 
 
       \t \t \t \t { 
 
       \t \t \t \t \t $_SESSION['user'] = $Alumni_ID; //set the Alumni_ID in a session. This serves as a global variable 
 
       \t \t \t \t \t header("location: loggedalumni/index.php"); // redirects the user to the authenticated home page 
 
       \t \t \t \t } 
 
       \t \t \t \t 
 
       \t \t } 
 
       \t \t else 
 
       \t \t { 
 
       \t \t \t Print '<script>alert("Incorrect Password!");</script>'; //Prompts the user 
 
       \t \t \t Print '<script>window.location.assign("index.php");</script>'; // redirects to login.php 
 
       \t \t } 
 
\t } 
 
\t else 
 
\t { 
 
\t \t Print '<script>alert("Incorrect Username!");</script>'; //Prompts the user 
 
\t \t Print '<script>window.location.assign("index.php");</script>'; // redirects to login.php 
 
\t } 
 
} 
 
?>

這是形式:

<div class="col-lg-12"> 
 
           <div class="nav-link" style= "text-align: center;"><h3><b>Log In</b></h3></div> 
 
           <form id="ajax-login-form" action=" " method="post" role="form" autocomplete="off"> 
 
            <div class="form-group"> 
 
             <label for="Alumni_ID" style= "text-align: center;">Alumni ID</label> 
 
             <input type="text" name="Alumni_ID" tabindex="1" class="form-control" placeholder="Your Alumni ID" value="" autocomplete="off"> 
 
            </div> 
 

 
            <div class="form-group"> 
 
             <label for="password" style= "text-align: center;">Password</label> 
 
             <input type="password" name="password" id="password" tabindex="2" class="form-control" placeholder="Password" autocomplete="off"> 
 
            </div> 
 

 
            <div class="form-group"> 
 
             <div class="row row-centered" style="padding-left:20px"> 
 
              <div class="col-xs-7"> 
 
               <input type="checkbox" tabindex="3" name="remember" id="remember"> 
 
               <label for="remember" style= "align: center;"> Remember Me</label> 
 
              </div> 
 
              </div> 
 
              <div class="row row-centered"> 
 
              <div class="col-xs-5" style="padding-left:75px"> 
 
               <input type="submit" name="login-submit" id="login-submit" tabindex="4" class="form-control btn btn-success" style="background-color: #6a0001;" value="Log In" align="middle"> 
 
              </div> 
 
             </div> 
 
            </div> 
 

 
            <div class="form-group"> 
 
             <div class="row"> 
 
              <div class="col-lg-12"> 
 
               <hr> 
 
               <div style="padding-left:10px"> 
 
                <a href="recover.php" tabindex="5" class="forgot-password" style = "color: black">Forgot Password?</a> 
 
               </div> 
 
               <hr> 
 
               <div style="padding-left:10px"> 
 
                <a href="NewAlumni.php" tabindex="5" class="forgot-password" style = "color: black">Register Account</a> 
 
               </div> 
 
               <hr> 
 
               <div style="padding-left:10px"> 
 
                <a href="adminlogin.php" tabindex="5" class="forgot-password" style = "color: black">Admin Login</a> 
 
               </div> 
 

 
              </div> 
 
             </div> 
 
            </div> 
 
            <input type="hidden" class="hide" name="token" id="token" value="a465a2791ae0bae853cf4bf485dbe1b6"> 
 
           </form> 
 
          </div>

來源

2017-04-15 b_g

+0

那是一個PHP錯誤或SQL錯誤?你能否包含實際的錯誤信息。嘗試'打印「選擇Alumni_ID,來自'Alumni'的密碼WHERE Alumni_ID ='$ Alumni_ID'」;'在你的代碼中,然後直接在SQL中運行輸出語句。 – Manngo

+0

您正在使用mysql函數。他們貶值,並受到黑客攻擊。改用mysqli函數。 –

+0

@SloanThrasher是正確的,但我看到他們正在混入'mysqli_'語句,這更糟糕。請參閱http://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php瞭解這可能會導致失敗。 – Manngo

回答

-1

你沒有定義什麼VA可變結構$Aliumni_ID

$query = mysql_query("SELECT Alumni_ID, Password from 'Alumni' WHERE Alumni_ID='$Alumni_ID'");

一個不正確的,但工作的代碼是

$query = mysql_query("SELECT Alumni_ID, Password from 'Alumni' WHERE Alumni_ID='".$_POST['Alumni_ID']."'");

來源

2017-04-15 00:16:05 Forbs

+0

「更合適的代碼」是使用準備好的語句和查詢參數。你在倡導SQL注入代碼。 – David

+0

的確,這確實會導致注射的一個主要問題 – Forbs

相關問題

 相關問題