php 登录脚本如果返回 else 即使登录信息在 db 中是正确的

Question

此代码块用于以我正在构建的页面后端的管理员身份登录。它解析为与我的“不正确信息”声明相呼应的“其他”声明。基本上说它没有找到我在服务器上创建的凭据，我已经检查并仔细检查过。还确认我的连接脚本正在运行。我很难过。任何帮助将不胜感激。

<?php
session_start();
if(isset($_SESSION["manager"])) {
  header("location: index.php");
  exit();
}
?>
<?php 
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["username"]); // filter everything but numbers and letters 
      $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters 
      // Connect to the MySQL database
      include "../php/connect_to_mysql.php";
      $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // Query the person
//------MAKE SURE PERSON EXISTS-----
$existCount = mysql_num_rows($sql); // Count the row nums
if ($existCount == 1) {
    while($row = mysql_fetch_array($sql)){
      $id = $row["id"];
    }
    $_SESSION["id"] = $id;
    $_SESSION["manager"] = $manager;
    $_SESSION["password"] = $password;
    header("location: index.php");
    exit();
  } else {
    echo 'That information is incorrect, <a href="index.php">try again</a>.';
    exit();
  }
}
?>

这是表单代码

<form name="adminform" id="adminform" method="post" action="admin_login.php">
              <div class="row collapse">
                <div class="large-2 columns">
                  <label class="inline">Username</label>
                </div>
                <div class="large-10 columns">
                  <input type="text" id="username" placeholder="JohnDoe" name="username">
                </div>
              </div>
              <div class="row collapse">
                <div class="large-2 columns">
                  <label class="inline">Password</label>
                </div>
                <div class="large-10 columns">
                  <input type="password" id="password" placeholder="Shazam" name="password">
                </div>
              </div>
              <button type="submit" name="button" id="button" class="radius button">Log In</button>
        </form>

Answer 1

问题可能在于，即使您正在检查 $_POST var，当您执行过滤器时，您也会使用 $_SESSION 值。尝试使用 $_POST。

// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {
    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);

    // ...