PHP mySQL密码问题,带有额外的字符 [英] PHP mySQL Password issue with extra characters
问题描述
我是php和mysql的新手.我找到了一个很棒的教程,可以在网站上创建注册和登录部分.我正在设法对其进行很好的解构并进行较小的更改.但是...
I'm very new to php and mysql. I have found a great tutorial to create a registration and log in section on a site. I'm managing to deconstruct it pretty well and make minor changes. However...
登录时,如果密码不正确,它将验证并返回错误.如果正确,它将登录.
When logging in, if the password is incorrect it validates and an error is returned. If its correct it logs in.
我的问题是,如果您输入正确的密码,但在验证或登录后都添加了额外的字符,只需进入空白页即可.这是登录页面的验证码-
The issue I have is that if you type the correct password but add extra characters after it neither validates or logs in. Just goes to a blank page. Here is the validation code for the login page -
<?php
include('db.php');
if(!isset($_POST['login']))//checking if user has entered this page directly
{
include('form.php');
}
else{
if(isset($_POST['user'])&&$_POST['user']==""||!isset($_POST['user']))
{
$error[] = "Username Field can't be left blank";
$usererror = "1";
}
if(!isset($usererror))
{
$user = mysql_real_escape_string($_POST['user']);
$sql = "SELECT * FROM users WHERE user = '$user'";
if(mysql_num_rows(mysql_query($sql))=="0")//1 means there is one entry same so we print error
{
$error[] = "Can't find a user with this username";
}
}
if(isset($_POST['pass'])&&$_POST['pass']==""||!isset($_POST['pass']))
{
$error[] = "password Field can't be left blank";
}
if(isset($error)){
if(is_array($error)){echo "<div class=\"error\"><span>please check the errors and refill the form<span><br/>";
foreach ($error as $ers) {
echo "<span>".$ers."</span><br/>";
}
echo "</div>";
include('form.php');
}
}
if(!isset($error)){
$suser=mysql_real_escape_string($_POST['user']);
$spass=md5($_POST['pass']);//for secure passwords
$find = "SELECT * FROM users WHERE user = '$suser' AND password = '$spass'";
if(mysql_num_rows(mysql_query($find))=="1"or die(mysql_error())){
session_start();
$_SESSION['username'] = $suser;
header("Location: loggedin.php");
}
else{
echo "<div class=\"warning\"><span>Some Error occured durring processing your data</div>";
}
}
}
?>
任何帮助将不胜感激...
Any help will be greatly appreciated...
编辑
我刚刚注意到,唯一的错误是没有输入密码.如果输入了错误的密码,我会得到空白的白页.任何人都可以帮助您解释为什么未验证密码吗?
I've just noticed that the only error I get is if NO password is entered. If an incorrect password is entered I get the blank white page. Can anyone help as to why the password is not being verified?
推荐答案
Looks like a logic issue. You need to use parenthesis to organize your conditionals:
if(
(isset($_POST['pass'])&&$_POST['pass']=="")
||
!isset($_POST['pass'])
)
这篇关于PHP mySQL密码问题,带有额外的字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
