0

我的登录系统出现错误。我知道它有缺陷,仅用于学习目的。所以问题是即使我输入了正确的登录信息;代码只是转到最后一行并抛出最后一个 else 语句。知道为什么要这样做吗?

<?php

 session_start();

if (isset($_POST['submit'])) {

 include 'dbc.php';

 $login = mysqli_real_escape_string($conn, $_POST['login']);
 $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);


 //error handler
 //check if inputs are empty
 if (empty($login) || empty($pwd)){
  header("Location: login.php?login=empty");
  exit();
 } else {
  $sql = "SELECT * FROM user WHERE name='$login'";
  $result = mysqli_query($conn, $sql);
  $resultCheck = mysqli_num_rows($result);
  if ($resultCheck < 1) {
   header("Location: login.php?login=error1");
   exit();
  } else {
   if ($row = mysqli_fetch_assoc($result)) {
    //dehashing
    $hashedPwdCheck = password_verify($pwd, $row['pwd']);
    if ($hashedPwdCheck == false) {
     header("Location: login.php?login=error2");
     exit();
    } elseif ($hashedPwdCheck == true) {
     //Log in user
     $_SESSION['s_id'] = $row['name'];
     header("Location: index.php?login=success");
     exit();
    }
   }
  }
 }
} else {
 header("Location: login.php?login=error3");
 exit();
}

4

3 回答 3

1

如果你在最后一个 else 语句结束,那么第一个 if 提供 FALSE。

所以:你确定$_POST['submit']在场吗?

我会比较喜欢:

if('POST' == $_SERVER['REQUEST_METHOD'])

而不是检查某个按钮的存在?价值

于 2017-06-22T09:36:53.377 回答
0

这是您的相同代码,只是进行了一些更改和更正。

<?php

    include 'dbc.php';
    session_start();

if (isset($_POST['submit'])) {



    $login = mysqli_real_escape_string($conn, $_POST['login']);
    $pwd   = mysqli_real_escape_string($conn, $_POST['pwd']);


        $sql         = "SELECT * FROM user WHERE name='$login'";
        $result      = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);
        if ($resultCheck < 1) {
            $msg = "<div class='error'><p>no such account found. please 
            register first</p></div>";
        } else {
            if ($row = mysqli_fetch_assoc($result)) {
                //dehashing
                $hashedPwdCheck = password_verify($pwd, $row['pwd']);
                if ( !$hashedPwdCheck ) {
                    $msg = "<div class='error'><p>password does not match 
                            with account</p></div>";
                } else {
                    //Log in user
                    $_SESSION['s_id'] = $row['id'];
                    header("Location: index.php");
                    exit();
                }
            }
        }

?>
<html>
   <?php
   //error message defined on the top
   if(isset($msg)){

        echo $msg;

   }
    ?>
   <form method="post">
       <input type="email" name="login" placeholder="your email address" 
        required>
       <input type="password" name="pwd" placeholder="your password here" 
        required>

      <button type="submit" name="submit"> Submit</button>

   </form>



</html>

建议:在不需要时不要重定向 有时将 html 生成的结果存储在变量中,检查 pdo 并使您的应用程序更简单

于 2017-06-22T13:18:54.403 回答
0

所以问题是,即使我输入了正确的登录信息,代码也只是转到最后一行并抛出最后一个 else 语句。

好吧,您可能没有带有submit名称的按钮,因此它转到最后一行......我能想到的一个解决方案是使用@Ivo P 建议的 SERVER 方法,这是从他的回答中扩展而来的。

<?php
    session_start();
    if ($_SERVER['REQUEST_METHOD'] == "POST") {

        $login = $_POST['login'];
        $pwd   = $_POST['pwd'];

        if (empty($login) || empty($pwd)) {
            header("Location: login.php?login=empty");
            exit();
        } else {

        }

        $sql  = "SELECT * FROM user WHERE name = ? LIMIT 1";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param('s', $login);
        $stmt->execute();
        $result = $stmt->get_result();
        $row    = $result->fetch_assoc();
        if (password_verify($pwd, $row['pwd'])) {
            $_SESSION['s_id'] = $row['name'];
            header("Location: index.php?login=success");
            exit();
        } else {
            header("Location: login.php?login=error2");
            exit();
        }
    }
    ?>
于 2017-06-22T09:49:50.620 回答