不使用密码和用户名登录
[英]Logging in without using password and username
问题描述
我可以在不提供密码和用户名的情况下登录我的用户页面和管理页面。 选择usertype并单击“登录”时,两者都才能获得LoggedIn。 这是我的 login.php 代码
<?php
$servername="SERVER";
$username="USER";
$password="PWD";
$dbname="DB";
$conn = mysqli_connect($servername, $username, $password, $dbname);
echo("conneciton");
if(isset($_POST['Login'])){
$user=$_POST['user'];
$pass = $_POST['pass'];
$usertype=$_POST['usertype'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' and usertype='".$usertype."'";
$result = mysqli_query($conn, $query);
if($result){
while($row=mysqli_fetch_array($result)){
echo'<script type="text/javascript">alert("you are login successfully and you are logined as ' .$row['usertype'].'")</script>';
}
if($usertype=="admin"){
?>
<script type="text/javascript">
window.location.href="index.php"</script>
<?php
}else{
?>
<script type="text/javascript">
window.location.href="user.php"</script>
<?php
}
}else{
echo 'no result';
}
}
?>
<html>
<head>
<!-- title and meta -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>admin</title>
<!-- /title and meta -->
<script src="js/jquery.js"></script>
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="js/bootstrap.min.js"></script>
<link href="css/adminindex.css" rel="stylesheet">
</head>
<body class='bg-image'>
<center><div class="col-md-4 col-sm-4 col-xs-10 formclass">
<form action="" method="post" name="Login_Form">
<table>
<tr>
<td colspan="2" align="left" valign="top"><h3>Login</h3></td>
</tr>
<tr>
<td valign="top">Username:</td><td><input type="text" name="user" placeholder="enter your username"
</td>
</tr>
<tr>
<td >Password:</td><td><input type="text" name="pass" placeholder="enter your password"</td>
</tr>
<tr>
<td>
Select user type:</td><td> <select name="usertype">
<option value="admin">admin</option>
<option value="user">user</option>
</select>
</td>
</tr>
<tr>
<td><input type="submit" name="Login" value="Login"></td>
</tr>
</table>
</form> </div>
</center>
</body>
</html>
我的数据库表名是 multiuserlogin 列是用户名密码 usertype 请帮助我,我需要验证我的用户名密码,然后才能登录
1 个解决方案
解决方案1
0 已采纳 2020-02-14 08:08:35
你的 if 语句
if($result){
始终为真,因为它包含查询而不是结果。 因此,您以您选择的用户类型登录。
调整数据库信息并尝试一下:
$conn = new mysqli("SERVER", "USER", "PWD", "DB");
if (!$conn->connect_error) {
echo("connected");
if(isset($_POST['Login'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' LIMIT 1";
$result = $conn->query($query);
$logged_user = $result->fetch_array(MYSQLI_ASSOC);
$conn->close();
if(is_array($logged_user) && $logged_user['username'] == $user) {
echo '<script type="text/javascript">alert("you are login successfully and you are logined as ' . $logged_user['usertype'] .'")</script>';
if($logged_user['usertype'] == "admin"){
echo '<script type="text/javascript">window.location.href="index.php"</script>';
} else {
echo '<script type="text/javascript">window.location.href="user.php"</script>';
}
} else {
echo 'no result';
}
}
}
不要忘记验证以防止 SQL 注入。
如何在没有用户名和密码的情况下使用gmail oauth提取电子邮件
[英]How to fetch emails using gmail oauth without username and password
如何在不使用用户名和密码的情况下使用Active Directory在PHP中对用户进行身份验证
[英]How to authenticate users in PHP using Active Directory without username and password
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.