dsg56465 2012-09-26 08:07
浏览 28
已采纳

使用PHP登录时比较用户名和密码

Suppose that I have PHP code as below:

<form action="index.php" method="post" id="myform">
     <tr>
        <td>User Name </td>
        <td><input type="text" name="text_username" placeholder="your username here" class="validate[required]"/></td>
     </tr>
      <tr>
        <td>Pass Word </td>
        <td><input type="password" name="text_password" placeholder="your password here" class="validate[required]" /></td>
     </tr>
     <?php 
            $userPass = array();
            $userName = array();
            $userID = array();
            include ('include/connectdb.php');
            if(isset($_POST['tbn_submit'])){
                $query = mysql_query("SELECT * FROM tblusers");
                $username = $_POST['text_username'];
                $password = $_POST['text_password'];

                 while($value= mysql_fetch_array($query)){ 
                            $userPass = $value['user_password'];
                            $userName = $value['user_username'];
                            $userID = $value['user_id'];
                                if($username == $userName && $password == $userPass){
                                     header("location:DataInfo.php?uid=".$userID);
                                   }
                                 else if($username != $userName && $password == $userPass) {
                                    echo'<tr><td colspan="2"><center><b style="color:red;">Invalide username or password, please check again!   </b></center></td></tr>';             
                                    }
                }
             }      
    ?>
     <tr>
        <td></td>
        <td><input type="submit" name="tbn_submit" class="btn btn-success" value="Login"/><input type="reset" class="btn btn-warning" value="Cancel"/></td>
     </tr>
     </form>

The Problems:

When I use wrong username and password it shows me the repeat messages Invalide username or password, please check again! so many time I do not want like this.How do I fix this.Anyone help me please, Thanks

  • 写回答

5条回答 默认 最新

  • doubiaode0460 2012-09-26 08:21
    关注

    The output that you are getting obvious from your code. What you are doing are:

    1. Fetching all records from user table (tblusers)

      mysql_query("SELECT * FROM tblusers");

    2. Then you are looping each record

      while($value= mysql_fetch_array($query))

    So, if table tblusers has 1000 records, you will get the message 1000 times.

    You should rewrite it to something like:

    include ('include/connectdb.php');
if(isset($_POST['tbn_submit'])){
  $username = $_POST['text_username'];
  $password = $_POST['text_password'];
  $query = mysql_query("SELECT * FROM tblusers WHERE username = $userName AND password = $userPass");

  if(mysql_num_rows($query)){
    $user = mysql_fetch_assoc($query)
    header("location:DataInfo.php?uid=".$user['user_id']);
  } else {
    echo '<tr><td colspan="2"><center><b style="color:red;">Invalide username or password, please check again!   </b></center></td></tr>';             
  }
}

    Please note following issues:

    • Variables $userName and $userPass are not escaped here, please do that in your code. You can look at here. Otherwise you may be putting yourself in risk!
    • You need to fix the markup in else { } block.
    • There are other improvements possible in the shown code/logic. I just gave you the idea!
    • Also looks time, you've stored plain text password in your database which you must not! At least use mysql's native password() function!
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(4条)

报告相同问题?

悬赏问题

  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作