dongmacuo1193 2013-03-05 00:13 采纳率: 0%
浏览 32
已采纳

无法以注册用户身份登录(php和mysql)

I'm trying to do a log in and registration script. I've managed to finish most of it; however, after I register a user I am unable to log in as that user. That is, registered users are unable to log in. Any help would be massively appreciated! :)

This is the code that relates to the specific problem:

$login = login ($username, $password);
        if ($login === false) {
         $errors [] = 'That username/password combination is incorrect';
        } else {
           $_SESSION ['user_id'] = $login;
           header ('Location: index.php');
           exit (); 
    }       


function  login ($username, $password) {
   $user_id = user_id_from_username ($username);

   $username = sanitize ($username);
   $password = md5($password);

return (mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE username =     '$username' AND password = '$password'"), 0) == 1) ? $user_id : false;
}

I wrote the query above like this (BELOW), earlier. Writing it this way allowed me to log in but with "literally" any password. 

function login ($username, $password){ 
  $user_id = user_id_from_username ($username);

  $username = sanitize ($username); 
  $password = sanitize ($password); 

  $query1 = mysql_query("SELECT COUNT(user_id) FROM users WHERE username =     '$username'"); 

 $query2 =  mysql_query("SELECT COUNT(user_id) FROM users WHERE password = '$password'"); 

 return  (mysql_result($query1, 0) == 1) ? $user_id : false; 
 return (mysql_result($query2, 0) == 1) ? $user_id : false;

That is to say, I broke the query down into two parts, but noticed the password query was completely irrelevant (even if I "commented" it out).

PS. I know I should be using PDO or Mysqli instead of mysql queries, and that md5 isn’t that secure. Just ignore these things for the sake of this riddle.

  • 写回答

1条回答 默认 最新

  • doufocheng6233 2013-03-05 01:40
    关注

    You really should break up your DB query operations in such a manner that you handle the query results in a thorough manner. Get in the practice of doing this. It will save you lots of time in debugging DB query issues.

    Also, there is no need to query the DB twice here (which I assume is what you are doing with your user_id_from_username() function call. Just get rid of this entirely and design your query to get the information you need all at once.

    Finally you really should get in the habit of specifying your database connections explicitly. In this case I pass the DB connection into the function.

    Putting it all together you end up with something like this:

    function  login ($username, $password, $db_conn) {
    $username = sanitize ($username);
    $password = md5($password);

    $query = "SELECT user_id FROM users WHERE username = '$username' AND password = '$password'";
    $result = mysql_query($query, $db_conn);

    if (false === $result) { // the query failed
        throw new Exception('Database failed with message: ' . mysql_error());
    }

    $rows = mysql_num_rows($result);
    if (0 === $rows) { // no record found
        return false;
    } else if ($rows > 1) { // too many records found.. really your DB indexes should disallow this
        return false;
    }

    $user_id = mysql_result($result, 0 , 'user_id');
    return $user_id;
}

    Of course you already mentioned that you are aware that your should be using mysqli or PDO. I can't urge you strongly enough to start using one of those, as mysql is deprecated and you will find you have to start learning one of those others soon anyway, so you might as well start now.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值