我正在web服务器中上传我的网站,但我的登录不起作用。在localhost上一切都很好。现在,当我输入正确的用户名和密码时,它会告诉我用户名/密码组合不正确。当我输入错误的密码时,它会再次输入。其他验证工作正常,我的代码:登录.php
<?php
include 'core/init.php';
if(empty($_POST) === false) {
$username= $_POST['username'];
$password = $_POST['password'];
if(empty($username)=== true || empty($password) === true ) {
$errors[] = 'You need to enter a username & password';
}else if (user_exists($username) === false) {
$errors[]='We cant find that username.Have you registered?';
}else if (user_active($username) === false) {
$errors[]='You havent activated your account!';
}else {
if(strlen($password) > 32) {
$errors[] = 'Password too long';
}
$login = login($username, $password);
if($login === false) {
$errors[] = 'That username/password combination is incorrect';
}else{
$_SESSION['user_id'] = $login;
header('Location: index2.php');
exit();
}
}
}else {
$errors[] = 'No data received';
}
include 'overall/headerr.php';
if (empty($errors)=== false) {
?>
<h2>We tried to log you in, but...</h2>
<?php
echo output_errors($errors);
}
?>
users.php
function login($username, $password){
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username`='$username' AND `password`='$password'"), 0)==1) ? $user_id : false;
}
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
function user_exists($username) {
$username = sanitize($username);
return (mysql_result( mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` ='$username' "), 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return(mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` =1"), 0) == 1) ? true : false;
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
general.php
<?php
function sanitize($data) {
return mysql_real_escape_string($data);
}
function output_errors($errors) {
$output = array();
foreach($errors as $error) {
$output[] = '<li>'. $error .'</li>';
}
return '<ul>' . implode ('', $output) . '</ul>';
}
?>
init.php
<?php
session_start();
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
$errors = array() ;
?>
为什么要让代码变长&复杂的
我使用这个简单而漂亮的代码:
<?php
session_start(); /* Start a session on browser */
require('connect.php'); /* Get database-connection script */
$username = $_POST['username']; /* Define variable ' $username ' */
$password = $_POST['password']; /* Define variable ' $password ' */
/* Check if username or password is empty */
if(empty($username) || empty($password)) {
/* If one of the fields are empty, send user back. */
echo 'afar'; // All fields are required
} else {
/* Select usernames & passwords from our database */
$check_accpass = $dbh->query('SELECT username,password FROM `users` WHERE `username`='.$dbh->quote($username).' AND `password`='.$dbh->quote($password).'')->fetchAll();
/* Check if username & password has any matches in our database */
if($check_accpass) {
echo 'success';
/* IF they do, set $username to $_SESSION['USERNAME'] and same with password */
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
// Set cookies
// name, value, expire, path, domain, secure, httponly
setcookie("username", $username, time() + (172800 * 30), "/", NULL, TRUE, TRUE); /* 2 days = 48 hours */
setcookie("password", $password, time() + (172800 * 30), "/", NULL, TRUE, TRUE); /* 2 days = 48 hours */
// Send user to root
header('location:/');
} else {
/* if no matches are found, print the text below */
echo 'wuop'; // wrong username or password
}
}
?>