dongxun2903 2017-06-22 09:29
浏览 37
已采纳

PHP系统登录错误

I'm facing an error in my login system. I know it has flaws and it is for learning purposes only. So the problem is that even when I enter correct login information; the codes just go to the last line and throw the last else statement. Any idea why is it doing that?

<?php

 session_start();

if (isset($_POST['submit'])) {

 include 'dbc.php';

 $login = mysqli_real_escape_string($conn, $_POST['login']);
 $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);


 //error handler
 //check if inputs are empty
 if (empty($login) || empty($pwd)){
  header("Location: login.php?login=empty");
  exit();
 } else {
  $sql = "SELECT * FROM user WHERE name='$login'";
  $result = mysqli_query($conn, $sql);
  $resultCheck = mysqli_num_rows($result);
  if ($resultCheck < 1) {
   header("Location: login.php?login=error1");
   exit();
  } else {
   if ($row = mysqli_fetch_assoc($result)) {
    //dehashing
    $hashedPwdCheck = password_verify($pwd, $row['pwd']);
    if ($hashedPwdCheck == false) {
     header("Location: login.php?login=error2");
     exit();
    } elseif ($hashedPwdCheck == true) {
     //Log in user
     $_SESSION['s_id'] = $row['name'];
     header("Location: index.php?login=success");
     exit();
    }
   }
  }
 }
} else {
 header("Location: login.php?login=error3");
 exit();
}

</div>
  • 写回答

3条回答 默认 最新

  • douzhantanju1849 2017-06-22 09:49
    关注

    So the problem is that even i have entered correct login information the codes just goes to the last line and throws out the last else statement.

    Well it might happen that you do not have a button with the submit name hence it goes to the last line... one solution I can think of is use SERVER method as @Ivo P have suggested, this is to extend from his answer. 

    <?php
    session_start();
    if ($_SERVER['REQUEST_METHOD'] == "POST") {

        $login = $_POST['login'];
        $pwd   = $_POST['pwd'];

        if (empty($login) || empty($pwd)) {
            header("Location: login.php?login=empty");
            exit();
        } else {

        }

        $sql  = "SELECT * FROM user WHERE name = ? LIMIT 1";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param('s', $login);
        $stmt->execute();
        $result = $stmt->get_result();
        $row    = $result->fetch_assoc();
        if (password_verify($pwd, $row['pwd'])) {
            $_SESSION['s_id'] = $row['name'];
            header("Location: index.php?login=success");
            exit();
        } else {
            header("Location: login.php?login=error2");
            exit();
        }
    }
    ?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 微信小程序协议怎么写
  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看