堆栈内存溢出
  简体   繁体   English

用户登录(使用会话)的麻烦

[英]User login (using sessions) trouble

 原文  2013-05-21 22:54:36       php/ html/ mysql/ sql

问题描述

I'm trying to make a log in system for users to login on my site. 我正在尝试建立一个登录系统,以便用户登录我的网站。 For some reason I can't seem to get my code to identify that a user exists, it always thinks the user doesn't exist in my database even when it does. 由于某种原因,我似乎无法使我的代码识别用户的存在,它始终认为该用户在我的数据库中不存在,即使存在。 I was hoping someone could look over my code and tell me if something is wrong, as I can't find any errors. 我希望有人可以查看我的代码并告诉我是否有问题,因为我找不到任何错误。

Also I should mention I'm very well aware none of this code is safe or secure, I would like to leave it that way for now. 另外,我应该提一下,我非常清楚这段代码中的任何一个都不安全,我想暂时将其保留。

Here is my table information: 这是我的表格信息: 

<!--  Login form -->
        <div id="userLogin">
            <form name="user_login" id="Login" method="post" action="loginSF.php">

                Username : <input type="text" name="yourUsername" id="username" ><br /> 
                <span id="usernameWarnings" style="color:black"> </span> <br />  

                Password : <input type="password" name="yourPassword" id="userPassword" > <br />
                <span id="passwordWarnings" style="color:black"> </span> <br />

                <input type="submit" value="login" onclick="return validateLoginForm()" >
            </form>
        </div>

Here is my PHP code for loginSF.php: (updated with SQL fix) (Problem still EXISTS) 这是我的loginSF.php的PHP代码:(已通过SQL修复程序更新)(问题仍然存在) 

<?php 

session_start(); // starts session

require_once 'databaseLogin.php'; //login info
$db_server = mysqli_connect($db_hostname, $db_username, $db_password, $db_database); //connection

if(mysqli_connect_errno($db_server))
{
    echo "failed to connect to mySQL: " . mysqli_connect_error();
}
//$loggedIn = mysqli_query($db_server,"SELECT User_Name FROM members");

$username = $_POST['yourUsername'];
$password = $_POST['yourPassword'];

$query = "SELECT `User_Name`, `Password` FROM `members` WHERE User_Name='$username' AND Password='$password'";
$loggedIn = mysqli_query($db_server, $query);

// check username and password match
if(mysqli_num_rows($loggedIn) == 1)
{
    echo "Login Successful";
}
else
{
    echo "Login failed";
}

?> ?>

users in database: 数据库中的用户:

User_Name Password 用户名密码

Tester345 tttttt 345测试仪

1 个解决方案

解决方案1
 0 已采纳  2013-05-21 22:56:56

Your code is vulnerable. 您的代码容易受到攻击。 I assume it's just a learning project 我认为这只是一个学习项目

change 更改 

$query = "SELECT 'User_Name', 'Password' FROM `members` WHERE User_Name='$username' AND Password='$password'";

to 

$query = "SELECT `User_Name`, `Password` FROM `members` WHERE User_Name='$username' AND Password='$password'";

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用$ _SESSIONS检查用户登录 - Checking user login using $_SESSIONS 用户登录和会话:是否安全 - User Login & Sessions :Safe or Not PHP中的会话(用户登录) - Sessions in PHP (user login) 使用一个inc_文件中的会话的用户登录状态 - User login status using sessions in ONE inc_ file 使用CodeIgniter登录和会话 - login and sessions using CodeIgniter 使用MySQL和Sessions登录 - Login using MySQL and Sessions 使用会话确认登录 - Using sessions to confirm login 使用数据库会话登录? - Login using database sessions? 使用PHP会话登录/注销? - Login/Logout using PHP sessions? 使用会话/ SQL轻松登录 - Simple Login Using Sessions / SQL
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM