管理员登录无法正常工作 [英] Admin login not working correctly

问题描述

所以我遇到了管理员登录"问题，我一直在努力解决这个问题.如果你们可以查看我的代码以了解发生了什么，那将非常有帮助.所有名称都与 mysql 中的名称相匹配.错误不断出现，说我没有正确的用户名/密码......但我有！

so i'm having an issue with an "admin login" that i've been trying to make work. If you guys can check out my code to see what's going on, it would be very helpful. All of the names match what's in mysql. The error keeps coming up saying I don't have the correct username/password... but I do!

<?php

if (isset($_POST['login'])){    

$con = mysql_connect("localhost", "dxhxxx", "tcqxxx");
if (!$con){
die("Cannot connect:" . mysql_error()); 
}

mysql_select_db("dxh6110",$con);

$userName = $_POST['username'];
$passWord = $_POST['password'];

$sql = "select * from Churchadmin where username='$userName' AND      password='$passWord'";
mysql_query($sql,$con);

if(mysqli_num_rows($run)>0){

    $_SESSION['username']=$userName;
    $_SESSION['password']=$passWord;
    //if all information is good you will go to the next page
    echo "<script>window.open('view_prayers.php','_self')</script>";

    }
    //if password or username is wrong this will give them an alert
    else{
    echo "<script>alert('Admin details are incorrect!')</script>";
    }

}

mysql_close($con);

?>

推荐答案

首先，您将 MySQL 库与 mysqli_num_rows 混合使用 mysql_num_rows.

Firstly, you're mixing MySQL libraries with mysqli_num_rows use mysql_num_rows.

• 那些不同的 MySQL 函数不会相互混合.

如果您还没有开始会话，您还需要开始.

You also need to start the session if you haven't already.

• http://php.net/manual/en/session.examples.basic.php

还要确保您的表单元素包含名称属性.

Make sure also that your form elements contain name attributes.

即: 等

那么这一行:

mysql_query($sql,$con);

if(mysqli_num_rows($run)>0){

应该读作

$run = mysql_query($sql,$con);

if(mysql_num_rows($run)>0){

• 没有为它定义 $run 变量.

  错误报告会向您抛出一个未定义的变量运行...通知.

  Error reporting would have thrown you an Undefined variable run... notice.

  你也可以改变

  $run = mysql_query($sql,$con);
  

  到

  $run = mysql_query($sql,$con) or die(mysql_error($con));
  

  • 为了查看您的查询是否失败.

  我注意到您可能以纯文本形式存储密码.如果是这种情况，我们非常不鼓励这样做.

  I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

  我建议您使用 CRYPT_BLOWFISH 或 PHP 5.5 的 password_hash() 函数.对于 PHP <5.5 使用password_hash() 兼容包.

  I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

  另外，关于 SQL 注入，使用 mysqli 和准备好的语句，或 带有准备好的语句的 PDO，它们更安全.

  Plus, in regards to SQL injection, use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

  将错误报告添加到有助于查找错误的文件顶部.

  Add error reporting to the top of your file(s) which will help find errors.

  <?php 
  error_reporting(E_ALL);
  ini_set('display_errors', 1);
  
  // rest of your code
  

  旁注:错误报告应仅在暂存阶段进行，切勿在生产中进行.

  Sidenote: Error reporting should only be done in staging, and never production.

  这篇关于管理员登录无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！