[英]How to solve the login error in php
I have made a login page in php. 我已经在php中创建了一个登录页面。 for database i have used here mysql. 对于数据库,我在这里使用了mysql。 If i want to login it is always showing the message username password wrong ...but there is already exist the username and password. 如果我要登录,它总是显示消息用户名密码错误...,但是用户名和密码已经存在。 So i cannot find out what is the problem. 所以我无法找出问题所在。
http://jsfiddle.net/Sazal/my4wvnvt/ http://jsfiddle.net/Sazal/my4wvnvt/
this is my login design page.. 这是我的登录设计页面。
here is below the checklogin.php code.. 这是在checklogin.php代码下面。
// userName and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['pwd'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE userName='$myusername' and pass='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1 ){
// Register $myusername, $mypassword and redirect to file "login_success.php"
//session_register("myusername");
//$_SESSION['login_user']=$myusername; // Initializing Session
//$_SESSION['myusername']=$myusername;
//$_SESSION['password']=$mypassword;
//session_register("mypassword");
header("location:home.php");
}
else {
//echo "Wrong Username or Password";
header("Location:index.php?errorMssg=".urlencode("Wrong Username or Password"));
}
?>
Your form elements have no name attributes. 您的表单元素没有名称属性。 You cannot rely on an "id" alone. 您不能仅依靠“ id”。
<input type="text" class="form-control" id="username" placeholder="Enter username">
and 和
<input type="text" class="form-control" id="pwd" placeholder="Enter password">
You need to add them, since you are declaring 您需要添加它们,因为您要声明
$myusername=$_POST['username'];
$mypassword=$_POST['pwd'];
Modify to: 修改为:
<input name="username" type="text" class="form-control" id="username" placeholder="Enter username">
and 和
<input name="pwd" type="text" class="form-control" id="pwd" placeholder="Enter password">
I noticed you may be storing passwords in plain text. 我注意到您可能以纯文本形式存储密码。 If this is the case, it is highly discouraged. 如果是这种情况,强烈建议不要这样做。
I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash()
function. 我建议您使用CRYPT_BLOWFISH或PHP 5.5的password_hash()
函数。 For PHP < 5.5 use the password_hash() compatibility pack
. 对于PHP <5.5,使用password_hash() compatibility pack
。
Sidenote: You should also add exit;
旁注:您还应该添加exit;
after each header. 在每个标题之后。
Ie: 即:
if($count==1 ){
header("location:home.php");
exit;
}
else {
//echo "Wrong Username or Password";
header("Location:index.php?errorMssg=".urlencode("Wrong Username or Password"));
exit;
}
mysqli
with prepared statements , or PDO with prepared statements , they're much safer . 考虑将mysqli
与预处理语句一起使用,或将PDO与预处理语句一起使用 , 它们会更安全 。 A few things to also consider is that your column(s) length should be long enough to accomodate your data as is the column type. 还需要考虑的几件事是您的列长度应该足够长以容纳数据,就像列类型一样。
When storing password hashes, I myself use VARCHAR
to its fullest; 在存储密码哈希时,我自己最大程度地使用了VARCHAR
。 255. 255。
I admit it's an overkill, but that's just me. 我承认这太过分了, 但那只是我。
Try: 尝试:
<input name="username"...>
Not: 不:
<input id="username"...>
Same for password. 密码相同。
It's the value of the "name" attribute that indexes the $_POST
array. 索引$_POST
数组的是“ name”属性的值。
Also, try a var_dump($_POST);
另外,尝试var_dump($_POST);
in your php script, to test what you actually receive from your html form, before searching errors on the mysql side. 在您的php脚本中,测试在mysql端搜索错误之前测试从html表单中实际收到的内容。
Your input fields has no name attributes use name="" using id's and class's does not sent the values of the filed via post request 您的输入字段没有名称属性,使用id的name =“”和class的类别不通过邮寄请求发送文件的值
without name attribute the input field you can't get data via post request 没有名称属性的输入字段,您无法通过发布请求获取数据
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.