dongxun2903 2017-06-22 09:29
浏览 37
已采纳

PHP系统登录错误

I'm facing an error in my login system. I know it has flaws and it is for learning purposes only. So the problem is that even when I enter correct login information; the codes just go to the last line and throw the last else statement. Any idea why is it doing that?

<?php

 session_start();

if (isset($_POST['submit'])) {

 include 'dbc.php';

 $login = mysqli_real_escape_string($conn, $_POST['login']);
 $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);


 //error handler
 //check if inputs are empty
 if (empty($login) || empty($pwd)){
  header("Location: login.php?login=empty");
  exit();
 } else {
  $sql = "SELECT * FROM user WHERE name='$login'";
  $result = mysqli_query($conn, $sql);
  $resultCheck = mysqli_num_rows($result);
  if ($resultCheck < 1) {
   header("Location: login.php?login=error1");
   exit();
  } else {
   if ($row = mysqli_fetch_assoc($result)) {
    //dehashing
    $hashedPwdCheck = password_verify($pwd, $row['pwd']);
    if ($hashedPwdCheck == false) {
     header("Location: login.php?login=error2");
     exit();
    } elseif ($hashedPwdCheck == true) {
     //Log in user
     $_SESSION['s_id'] = $row['name'];
     header("Location: index.php?login=success");
     exit();
    }
   }
  }
 }
} else {
 header("Location: login.php?login=error3");
 exit();
}

</div>
  • 写回答

3条回答 默认 最新

  • douzhantanju1849 2017-06-22 09:49
    关注

    So the problem is that even i have entered correct login information the codes just goes to the last line and throws out the last else statement.

    Well it might happen that you do not have a button with the submit name hence it goes to the last line... one solution I can think of is use SERVER method as @Ivo P have suggested, this is to extend from his answer. 

    <?php
    session_start();
    if ($_SERVER['REQUEST_METHOD'] == "POST") {

        $login = $_POST['login'];
        $pwd   = $_POST['pwd'];

        if (empty($login) || empty($pwd)) {
            header("Location: login.php?login=empty");
            exit();
        } else {

        }

        $sql  = "SELECT * FROM user WHERE name = ? LIMIT 1";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param('s', $login);
        $stmt->execute();
        $result = $stmt->get_result();
        $row    = $result->fetch_assoc();
        if (password_verify($pwd, $row['pwd'])) {
            $_SESSION['s_id'] = $row['name'];
            header("Location: index.php?login=success");
            exit();
        } else {
            header("Location: login.php?login=error2");
            exit();
        }
    }
    ?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 求解达问题(有红包)
  • ¥15 请解包一个pak文件
  • ¥15 不同系统编译兼容问题
  • ¥100 三相直流充电模块对数字电源芯片在物理上它必须具备哪些功能和性能?
  • ¥30 数字电源对DSP芯片的具体要求
  • ¥20 antv g6 折线边如何变为钝角
  • ¥30 如何在Matlab或Python中 设置饼图的高度
  • ¥15 nginx中的CORS策略应该如何配置
  • ¥30 信号与系统实验:采样定理分析
  • ¥100 我想找人帮我写Python 的股票分析代码,有意请加mathtao