堆栈内存溢出
  简体   繁体   English

我的登录表单代码有什么问题?

[英]What's wrong with my login form code?

 原文  2015-10-11 09:39:40       php

问题描述

I got this code as part of my login form, but I tried and I can still login without even using a password. 我在登录表单中获得了此代码,但是尝试了一下,即使不使用密码也可以登录。 I changed everything to be case sensitive, my code seems to have no syntax errors, and I'm stumped. 我将所有内容更改为区分大小写,我的代码似乎没有语法错误,并且感到很困惑。 

if ($_POST['login']) {

$query= "SELECT * FROM users WHERE email='".mysqli_real_escape_string($link, $_POST['loginemail'])."' AND password='".md5(md5($_POST['loginemail'])+$_POST['loginpassword'])."' LIMIT 1";
$result= mysqli_query($link, $query);
$row= mysqli_fetch_array($result);

if ($row) {

    $_SESSION['id']= $row['id'];
  header("location:mainpage.php");

 } else {

  $error= "We could not find any user with the submitted informations!";
}

}

3 个解决方案

解决方案1
 0 已采纳  2015-10-11 09:53:36

kindly do the following in order to troubleshoot the above 请执行以下操作以解决上述问题

  1. Enable error reporting in the beginning of script add below: error_reporting(E_ALL); 在脚本的开头启用错误报告,添加以下内容:error_reporting(E_ALL); ini_set('display_errors', 1); ini_set('display_errors',1);
  2. var_dump the query and run in phpmyadmin / mysql console - ensure that everything is correct var_dump查询并在phpmyadmin / mysql控制台中运行-确保一切正确

The above will most likely show the problem if not then do post the corresponding html 如果没有,上面的内容很可能会显示问题,然后发布相应的html

解决方案2
 0  2015-10-11 09:53:51

I see you have twice the login + password received in your query. 我发现您在查询中收到的登录名+密码是您的两倍。 Is encrypted twice is not an issue? 两次加密不是问题吗? One hash is enough. 一个哈希就足够了。 For security, md5 () is not the best method, hash () is much better ( http://php.net/manual/fr/function.hash.php ). 为了安全起见, md5 ()并不是最好的方法,hash()更好( http://php.net/manual/fr/function.hash.php )。 Especially with sha512 for $algo parameter. 尤其是对于$algo参数的sha512 If you mutlitplies md5 , the imprint will never be good. 如果您将md5了倍增,则标记永远不会是好的。 Example with md5() : md5()示例: 

$query= "SELECT * FROM users 
WHERE 
email='".mysqli_real_escape_string($link, $_POST['loginemail'])."' 
AND 
password='".hash('md5', $_POST['loginemail']+$_POST['loginpassword'])."' 
LIMIT 1";

解决方案3
 0  2015-10-11 10:16:18

Your not checked how many records are present in the result. 您没有检查结果中有多少条记录。 Replace your code with bellow code, will work fine. 用下面的代码替换您的代码,即可正常工作。 

if ($_POST['login']) {

$query= "SELECT * FROM users WHERE email='".mysqli_real_escape_string($link, $_POST['loginemail'])."' AND password='".md5(md5($_POST['loginemail'])+$_POST['loginpassword'])."' LIMIT 1";
$result= mysqli_query($link, $query);


if ($result->num_rows==1) {
    $row= mysqli_fetch_array($result);    
    $_SESSION['id']= $row['id'];
    header("location:mainpage.php");
    exit(0);//Best practice to quit the execution after done the page redirection.
 } else {

  $error= "We could not find any user with the submitted informations!";
}

}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我的php登录表单有什么问题? - What's wrong with my php login form? 简单的PHP登录表单返回mysqli_num_rows为“ 0”。 我的代码逻辑怎么了? - Simple PHP Login Form Returns '0' mysqli_num_rows. What's wrong with my code logic? 我的表格怎么了? - What's wrong with my form? PHP登录系统-代码有什么问题? - PHP login system - What's wrong with the code? 此登录代码有什么问题? SQL和PHP - What's wrong with this login code? SQL and PHP 我的登录脚本出了什么问题? - What's wrong with my login script? 这个联系表格代码有什么问题? - What's wrong with this contact form code? 我的php表单代码有什么问题? - What is wrong with my php form code? 我的联系表格有什么问题? - What's wrong with my contact form? 我的自动加载代码有什么问题 - What's wrong in my autoload code
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM