php - Can't go to another page after logging in to the website & it won't let me log in after filling out the registration form

Tags: php mysql forms authentication registration

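My website won't let me log in after filling out the registration form. Everything in the database is correct, but it just won't let me log in! Also, if I do get the login problem solved, will it let me go to "home.php"? Sorry for being such a newbie, and thank you in advance for your time!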

<?php
session_start();
if(!isset($_SESSION["userlogin"])){
}else{
    $username = $_SESSION["userlogin"]; 
}
?>
<?php
$reg = @$_POST['reg'];
//declaring variables to prevent errors
$first_name = ""; //First Name
$last_name = ""; //Last Name
$username = ""; //Username
$email = ""; //Email
$email2 = ""; //Email 2
$password = ""; //Password
$password2 = ""; // Password 2
$signupdate = ""; // Sign up Date
$usercheck = ""; // Check if username exists
//registration form
$first_name = strip_tags(@$_POST['first_name']);
$last_name = strip_tags(@$_POST['last_name']);
$username = strip_tags(@$_POST['username']);
$email = strip_tags(@$_POST['email']);
$email2 = strip_tags(@$_POST['email2']);
$password = strip_tags(@$_POST['password']);
$password2 = strip_tags(@$_POST['password2']);
$signupdate = date("Y-m-d"); // Year - Month - Day

if ($reg) {
    if ($email==$email2) {
    // Check if user already exists
    $usercheck = mysql_query("SELECT username FROM users WHERE     username='$username'");
    // Count the amount of rows where username = $un
    $check = mysql_num_rows($usercheck);
    //Check whether Email already exists in the database
    $echeck = mysql_query("SELECT email FROM users WHERE email='$email'");
    //Count the number of rows returned
    $emailcheck = mysql_num_rows($echeck);
    if ($check == 0) {
        if ($emailcheck == 0) {
            //check all of the fields have been filed in
            if ($username && $first_name && $last_name && 
                $email && $email2 && $password && $password2) 
            {
                // check that passwords match
                if ($password==$password2) {
                    // check the maximum length of username/first name/last name does not exceed 25 characters
                    if (strlen($username)>25 || 
                        strlen($first_name)>25 || 
                        strlen($last_name)>25) 
                    {
                        echo "The maximum limit for username/first name/last name is 25 characters!";
                    }else {
                        // check the maximum length of password does not exceed 25 characters and is not less than 5 characters
                        if (strlen($password)>30||strlen($password)<5) {
                            echo "Your password must be between 5 and 30 characters long!";
                        }else {
                            //encrypt password and password 2 using crypt before sending to database
                            $password = crypt($password);
                            $password2 = crypt($password2);
                            $query = mysql_query("INSERT INTO users VALUES     ('','$username','$first_name','$last_name','$email','$password','$signupdate','0')");
                            header("Location: index.php");
                            exit;
                        }
                    }
                } else {
                    echo "Your passwords don't match!";
                }
            } else {
                echo "Please fill in all of the fields";
            }
        }else{
            echo "Sorry, but it looks like someone has already used that email!";
        }
    }else{
        echo "Username already taken ...";
    }
}else {
    echo "Your E-mails don't match!";
}
}
?>
<?php
//Login Script
if (isset($_POST["userlogin"]) && isset($_POST["passwordlogin"])) {
    $userlogin = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["userlogin"]);     // filter everything but numbers and letters
    $passwordlogin = preg_replace('#[^A-Za-z0-9]#i', '',         $_POST["passwordlogin"]); // filter everything but numbers and letters
    $cryptpasswordlogin = crypt($passwordlogin);
    $sql = mysql_query("SELECT id FROM users WHERE username='$userlogin' AND     password='$cryptpasswordlogin' LIMIT 1"); // query the person
    //Check for their existance
    $userCount = mysql_num_rows($sql);
    echo mysql_error();
    //Count the number of rows returned
    if ($userCount == 1) {
        while($row = mysql_fetch_array($sql)){ 
             $id = $row["id"];
    }
         $_SESSION["userlogin"] = $userlogin;
        header("home.php");
        exit();
    }else{
        echo 'That information is incorrect, try again';
        exit();
    }
}
?>
<div>
            <h2>Already a Memeber? Login below ...</h2>
          <form action="index.php" method="post" name="form1" id="form1">
                <input type="text" size="40" name="userlogin" id="user_login" class="auto-clear" placeholder="Username..." /><p />
                <input type="text" size="40" name="passwordlogin"     id="password_login" placeholder="Password..." /><p />
                <input type="submit" name="button" id="button" value="Login to your account">
            </form>
            </div>
           <div>
            <h2>Sign up Below ...</h2>
           <form action="#.php" method="post">
           <input type="text" size="40" name="username" class="auto-clear" title="Username" placeholder="Username..."><p />
           <input type="text" size="40" name="first_name"  class="auto-clear" title="First Name" placeholder="First name..."><p />
           <input type="text" size="40" name="last_name" class="auto-clear" title="Last Name" placeholder="Last name..."><p />
           <input type="text" size="40" name="email" class="auto-clear" title="Email" placeholder="Email..."><p />
           <input type="text" size="40" name="email2" class="auto-clear" title="Repeat Email" placeholder="Email again..."><p />
           <input type="password" size="40" name="password" placeholder="Password..."><p />
           <input type="password" size="40" name="password2" placeholder="Password again..."><p />
           <input type="submit" name="reg" value="Sign Up!">
           </form>
           </div>
</div>
</body>
</html>

Best answer

Note this simple test. Using crypt() twice on the same string does not produce the same result.

echo crypt('password') . PHP_EOL;
echo crypt('password') . PHP_EOL;

The result is:

$1$5u1.o45.$QqFY/BeCcln/LO7efiDp61
$1$R55.G3..$LQ9HxetMhV3KmJYM2q8UR/

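So when you HASH the registration password with crypt(), and then later run the login part of the script, even if the user enters the correct password it will NOT generate the same HASH, and so this query will not find the user's row: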

SELECT id 
FROM users 
WHERE username='$userlogin' 
  AND password='$cryptpasswordlogin' 
LIMIT 1

crypt() does not generate the same HASH twice from the same string.

Please don't roll your own password hashing. PHP provides password_hash() and password_verify(); please use them. And here are some good ideas about passwords. If you are using a PHP version prior to 5.5, there is a compatibility pack available here.
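
The flow this answer recommends, as an added example that is not part of the original answer: store one password_hash() result at registration, look the row up by username alone, and compare with password_verify(). PDO with an in-memory SQLite table, the register()/login() helper names and the sample credentials are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumptions: PDO with the SQLite driver, an in-memory users table,
// hypothetical helper names, and constructed sample credentials.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

function register(PDO $db, string $username, string $password): void
{
    // password_hash() picks a fresh random salt and embeds it in its output,
    // so store the whole string once and never re-hash it to compare.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login(PDO $db, string $username, string $password): ?int
{
    // Find the row by username only; the password is not part of the WHERE clause.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() re-derives the hash using the salt stored inside the saved value.
    // The submitted password is passed through unmodified (no stripping or filtering).
    if ($row !== false && password_verify($password, $row['password'])) {
        return (int) $row['id'];
    }
    return null; // same result for unknown user and wrong password
}

register($db, 'alice', 'correct horse'); // constructed sample user

// Two hashes of the same password differ, which is why comparing a freshly
// computed hash against the stored one in SQL never matches.
$a = password_hash('correct horse', PASSWORD_DEFAULT);
$b = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump($a === $b);

var_dump(login($db, 'alice', 'correct horse'));  // correct password
var_dump(login($db, 'alice', 'wrong password')); // wrong password
var_dump(login($db, 'nobody', 'correct horse')); // unknown user
```

The PHP manual recommends a password column of 255 characters, since the output length of PASSWORD_DEFAULT can grow as the default algorithm changes.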

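Regarding "php - Can't go to another page after logging in to the website & it won't let me log in after filling out the registration form", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/42639065/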
