此代码块用于以我正在构建的页面后端的管理员身份登录。它解析为与我的“不正确信息”声明相呼应的“其他”声明。基本上说它没有找到我在服务器上创建的凭据,我已经检查并仔细检查过。还确认我的连接脚本正在运行。我很难过。任何帮助将不胜感激。
<?php
session_start();
if(isset($_SESSION["manager"])) {
header("location: index.php");
exit();
}
?>
<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["username"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
// Connect to the MySQL database
include "../php/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // Query the person
//------MAKE SURE PERSON EXISTS-----
$existCount = mysql_num_rows($sql); // Count the row nums
if ($existCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect, <a href="index.php">try again</a>.';
exit();
}
}
?>
这是表单代码
<form name="adminform" id="adminform" method="post" action="admin_login.php">
<div class="row collapse">
<div class="large-2 columns">
<label class="inline">Username</label>
</div>
<div class="large-10 columns">
<input type="text" id="username" placeholder="JohnDoe" name="username">
</div>
</div>
<div class="row collapse">
<div class="large-2 columns">
<label class="inline">Password</label>
</div>
<div class="large-10 columns">
<input type="password" id="password" placeholder="Shazam" name="password">
</div>
</div>
<button type="submit" name="button" id="button" class="radius button">Log In</button>
</form>
最佳答案
问题可能在于,即使您正在检查 $_POST var,当您执行过滤器时,您也会使用 $_SESSION 值。尝试使用 $_POST。
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
// ...
关于php 登录脚本如果返回 else 即使登录信息在 db 中是正确的,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18154981/