由于某种原因无法登录到我用 php 和 mysql 制作的项目

Question

So I am working on a project and I'm making an admin page, and everything was working fine until a moment ago, now when I try to log in it just puts me back into the login page every time and it doesn't even show "Login failed" so I don't think the password is the problem it doesnt let me enter the index page either can anybody explain or catch why it might not be logging me in.所以我正在做一个项目，我正在制作一个管理页面，直到刚才一切都很好，现在当我尝试登录时，它每次都让我回到登录页面，它甚至没有显示“登录失败”，所以我认为密码不是问题，它不允许我进入索引页面，任何人都可以解释或了解为什么它可能无法登录我。

Here is the registration page:这是注册页面：

<?php
include("db.php");
include("header.php");
include("footer.php");
?>

<!-- REGISTRATION FORM -->

<div class="container">
    <div class="head" style="text-align:center">
        <h1>Register admin for VASMOVIES</h1>
    </div>
    <form action="registeradmin.php" method="POST">
  <div class="form-group">
    <label for="exampleInputEmail1">Username</label>
    <input type="text" name="username" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter username">
    <small id="emailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small>
  </div>
  <div class="form-group">
    <label for="exampleInputPassword1">Password</label>
    <input type="password" name="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
  </div>
  <button type="submit" name="submit" class="btn btn-primary">Submit</button>
</form>
</div>

<?php
if(isset($_POST['submit'])) {
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    $hash = password_hash('$password', PASSWORD_BCRYPT);
    
    $query = "INSERT INTO `admin`(`username`, `password`) VALUES ('$username','$hash')";
    $run = mysqli_query($con,$query);
    
    if($run){
        echo "Admin added";
    }
    else{
        echo "Something went wrong";
    }
}


?>

Heres the login page:这是登录页面：

<?php
session_start();
include("header.php");
include("footer.php");
include("db.php");
?>

<div class="container">
    <div class="head" style="text-align:center">
        <h1>Login to VASMOVIES</h1>
    </div>
    <form action="login.php" method="POST">
  <div class="form-group">
    <label for="exampleInputEmail1">Username</label>
    <input type="text" name="username" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter username">
    <small id="emailHelp" class="form-text text-muted">We'll never share your information with anyone else.</small>
  </div>
  <div class="form-group">
    <label for="exampleInputPassword1">Password</label>
    <input type="password" name="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
  </div>
  <button type="submit" name="submit" class="btn btn-primary">Submit</button>
</form>
</div>

<?php

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    
    $query = "SELECT * FROM admin WHERE username = '$username'";
    $run = mysqli_query($con,$query);

    if(mysqli_num_rows($run)>0){
        while($row = mysqli_fetch_assoc($run)){
            if(password_verify($password, $row['password'])){
                $_SESSION['loginsuccesfull']=1;
                echo "<script>alert('Logged in successfully'); window.location.href='index.php'</script>";
                
            }
        }
    }
    else{
        echo "<script>alert('Failed to loggin');</script>";
    }
}

?>

And the index page:和索引页：

<?php
session_start();
if(isset($_SESSION['loginsuccesfull'])){}
else {
    echo "<script>alert('You are not logged in');window.location.href='login.php'</script>";
}

include("db.php");
include("header.php");
include("footer.php");
?>

Answer 1

You're only outputting an error message if the user does not exist.如果用户不存在，您只会输出错误消息。 Your if-statement, where you check the password with password_verify , no else condition is provided.您的 if 语句，您在其中使用password_verify检查password_verify ，没有提供其他条件。 Therefore, nothing gets output.因此，没有任何输出。 Change your code to this:将您的代码更改为：

if(mysqli_num_rows($run)>0){
        while($row = mysqli_fetch_assoc($run)){
            if(password_verify($password, $row['password'])){
                $_SESSION['loginsuccesfull']=1;
                echo "<script>alert('Logged in successfully'); window.location.href='index.php'</script>";
            } else {
                echo "<script>alert('Failed to loggin');</script>";
            }
        }
    } else {
        echo "<script>alert('Failed to loggin');</script>";
    }

Also consider preparing your SQL statements, as Dharman explained in their comment.还可以考虑准备 SQL 语句，正如 Dharman 在他们的评论中所解释的那样。

Answer 2

The property window.location.href will redirect you to page that you set in it.属性 window.location.href 会将您重定向到您在其中设置的页面。 When you log in successfully, system will redirect you to the index.php page.当您登录成功时，系统会将您重定向到 index.php 页面。 So you shouldn't automatically redirect to the login page, or use a session to know if the user is logged in and then don't redirect.所以你不应该自动重定向到登录页面，或者使用会话来知道用户是否登录然后不要重定向。

if(!$_SESSION['userLogged']) {
     header('Location: index.php');
}

Consider using header('Location: ...') insead of window.location.href in js考虑在 js 中使用window.location.href 的header('Location: ...') insead

And second case that @stui mention. @stui 提到的第二种情况。

Finally, consider using a framework because the website created in this way is exposed to hacking attacks and other problems of a novice user.最后，考虑使用框架，因为以这种方式创建的网站容易受到黑客攻击和新手用户的其他问题。

由于某种原因无法登录到我用 php 和 mysql 制作的项目

问题描述

2 个解决方案

解决方案1
0 2021-11-10 20:17:43

解决方案2
0 2021-11-10 20:25:56

由于某种原因无法登录到我用 php 和 mysql 制作的项目

问题描述

2 个解决方案

解决方案1 0 2021-11-10 20:17:43

解决方案2 0 2021-11-10 20:25:56

解决方案1
0 2021-11-10 20:17:43

解决方案2
0 2021-11-10 20:25:56