Help PHP Login not working correctly?
OK, so I am trying to create a login script; here I am using PHP5 and mysqli. I would like to ask if you could let me know why it keeps just returning "the error: your username and password does not match any in our db" when I have created an account and it clearly does? It's probably something obvious I've missed. Here's the code...
//Check if the form has been submitted
if (isset($_POST['login'])) {
    //Check if username and password are empty
    if ($_POST['username']!='' && $_POST['password']!='')
    {
        //Create query to check username and password to database
        $validate_user = $mysqli->query('SELECT id, username, password, active FROM users WHERE ="'.$mysqli->real_escape_string(md5($_POST['username'])).' AND password = "'.$mysqli->real_escape_string(md5($_POST['password'])).'"');
        //We check if the query returns true
        if ($validate_user->num_rows == 1)
        {
            $row = $validate_user->fetch_assoc();
            //Check if the user has activated their account
            if ($row['activated'] == 1)
            {
                $_SESSION['id'] = $row['id'];
                $_SESSION['logged_in'] = true;
                Header('Location: ../main/index.php');
            }
            //Show this error if activation returns as 0
            else {
                $error = '<p class="error">Please activate your account.</p>';
            }
        }
        //Show this error if the details matched any in the db
        else {
            $error = '<p class="error">Your username and password are not in our database!</p>';
        }
    }
    //Show this error if the username and password field have not been entered
    else {
        $error = '<p class="error">Please enter your username and password.</p>';
    }
}
Your query, simplified, looks like:
SELECT id, username, password, active FROM users WHERE ="'.md5(<username>).' AND password = "'.md5(<password>).'"')
I'm sure it should be:
SELECT id, username, password, active FROM users WHERE username="'.<username>.'" AND password = "'.md5(<password>).'"')
The line:
$validate_user = $mysqli->query('SELECT id, username, password, active FROM users WHERE ="'.$mysqli->real_escape_string(md5($_POST['username'])).' AND password = "'.$mysqli->real_escape_string(md5($_POST['password'])).'"');
probably should be:
$validate_user = $mysqli->query('SELECT id, username, password, active FROM users WHERE username ="'.$mysqli->real_escape_string(md5($_POST['username'])).'" AND password = "'.$mysqli->real_escape_string(md5($_POST['password'])).'"');
The query does not contain "username=" after the WHERE clause, so it should probably be:
$mysqli->query('SELECT id, username, password, active FROM users WHERE username ="'.$mysqli->real_escape_string(md5($_POST['username'])).'" AND password = "'.$mysqli->real_escape_string(md5($_POST['password'])).'"');
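An added example, not code from the question or from any of the answers: the same login check written with a mysqli prepared statement and password_verify(), so the query contains no hand-built quoting and a failed query raises an exception instead of looking like "no matching user". It assumes the columns named in the question's SELECT and a password column filled by password_hash() rather than md5(); check_login() is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread.
// Assumptions: the users table has the columns the question selects
// (id, username, password, active), and password stores a password_hash()
// value instead of an MD5 digest. check_login() is a hypothetical helper.

// Make mysqli throw on SQL errors, so a malformed query is reported as such
// and cannot be mistaken for "no matching user".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Returns array('ok' => bool, 'id' => int|null, 'error' => string|null).
function check_login(mysqli $db, $username, $password)
{
    $fail = function ($message) {
        return array('ok' => false, 'id' => null, 'error' => $message);
    };

    if ($username === '' || $password === '') {
        return $fail('Please enter your username and password.');
    }

    // Placeholders keep the values out of the SQL text, so there is no
    // quoting to get wrong and input cannot change the statement.
    $stmt = $db->prepare(
        'SELECT id, password, active FROM users WHERE username = ?'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash, $active);
    $found = $stmt->fetch();   // true for a row, null when nothing matched
    $stmt->close();

    // The password is checked in PHP: a salted hash cannot be matched
    // with an equality test in the WHERE clause.
    if ($found !== true || !password_verify($password, $hash)) {
        return $fail('Your username and password are not in our database!');
    }
    if ((int) $active !== 1) {
        return $fail('Please activate your account.');
    }
    return array('ok' => true, 'id' => (int) $id, 'error' => null);
}
```

Call it as check_login($mysqli, $_POST['username'], $_POST['password']) and set the session values only when 'ok' is true.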