php登录不起作用

Question

I'm working on a login system and I want, In case the user entered wrong username & password to return him to the login page and if its ok redirect to admin/index.php it's not working and no errors .我正在开发一个登录系统，我想要，如果用户输入了错误的用户名和密码以将他返回到登录页面，如果它可以重定向到 admin/index.php，它就无法工作并且没有错误。

Function code And the html code功能代码和html代码

    if(isset($_POST['submit_form'])){
        $username = mysqli_real_escape_string($_POST['username']);
        $password = mysqli_real_escape_string($_POST['password']);
        $query = mysqli_query("SELECT * FROM users WHERE username = '$username' AND   password ='{$password'");
        if($query==false){
            set_message(" Your password or username are wrong ");
            redirect("login.php");
        }else{
            redirect("admin");
        }
    }

The Html code Html 代码

<form class="form-inline" role="form" action="" method="post" enctype="multipart/form-data">
    <div class="form-group">        
        <label class="form-group" for="username">username</label>
        <input type="text" name="username" class="form-control" id="username" placeholder="username">
    </div>
    <div class="form-group">
        <label class="sr-only" for="password">Password</label>
        <input type="password" name="password" class="form-control" id="password" placeholder="password">
    </div>
    <button type="submit" name="submit_form" class="btn btn-black">
    <input type="hidden" name="submit_form" value="<?php echo session_id()"/>
        Login
    </button>
</form>

The functions功能

function redirect($location) {
    header("Location : $location"); 
}

function query($sql){
    global $connection ;
    return mysqli_query($connection, $sql);
}

function confirm($result){
    global $connection;
    if(!$result){
        die("QUERY FAILED " . mysqli_error($connection));
    } 
}

function escape_string($string){
    global $connection ;
    return mysqli_real_escape_string($connection, $string);
}

Answer 1

Yes, sorry i am just getting used to this thing.是的，对不起，我只是习惯了这件事。 Thanks for pointing out the mistake.感谢您指出错误。

    //this will eliminate the BOT hitting up the forms
    if(isset($_POST['submit_form']) && $_POST['submit_form']==session_id()){
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $query = mysqli_query("SELECT * FROM users WHERE username = '$username' AND   password ='$password'");
    if($query==false){
        set_message(" Your password or username are wrong ");
        redirect("login.php");
    }else{
        redirect("admin");
    }
}

And I updated the form as well.我也更新了表格。

  <form class="form-inline" role="form" action="" method="post" enctype="multipart/form-data">
<div class="form-group">        
    <label class="form-group" for="username">username</label>
    <input type="text" name="username" class="form-control" id="username" placeholder="username">
</div>
<div class="form-group">
    <label class="sr-only" for="password">Password</label>
    <input type="password" name="password" class="form-control" id="password" placeholder="password">
</div>
<button type="submit" name="submit_form" class="btn btn-black">

    Login
</button> <input type="hidden" name="submit_form" value="<?php echo session_id()"/>

I would use sprintf when parsing up the query.我会在解析查询时使用 sprintf。 It eliminates SQL Injections.它消除了 SQL 注入。 You can do something like this:你可以这样做：

      $query = sprintf('SELECT * FROM TABLE WHERE username = "%s" AND password = "%s"',
      mysql_real_escape_string($username),
      mysql_real_escape_string($password));

Hopefully this works for you.希望这对你有用。

php登录不起作用

问题描述

1 个解决方案

解决方案1
0 2016-03-29 13:15:33

php登录不起作用

问题描述

1 个解决方案

解决方案1 0 2016-03-29 13:15:33

解决方案1
0 2016-03-29 13:15:33