<?php
session_start();
require_once 'conn.php';
$number=$_POST['number'];
$password=$_POST['password'];
if ($number!="" && $password!=""){
$conn=db_connect();
$query="select * from administrator where number='".$number."' and password=md5('".$password."')";
$result=mysqli_query($conn, $query);
if (empty($result)){
echo "alert('账号或密码错误,请重试!');<br>
location ='mnglogin.html';";
}else {
echo "alert('登录成功!');<br>
location ='administrator.php';";
$_SESSION['user']=$number;//在会话中注册当前用户
$psid=session_id();//获取当前会话的session id
$fp=fopen("./files/adminsid.txt", "w++");//建立文件连接
fwrite($fp, $psid);//把session id写入文件
fclose($fp);//关闭文件连接
}
}else {
echo "alert('账号或密码不能为空,请重试!');<br>
location ='mnglogin.html';";
}
?>
代码如上,不知道为什么,登录时不管输入什么密码,结果都是登陆成功。请各位大神帮帮忙,我初学PHP是在找不到问题在哪!