
php - Admin login not working correctly

So I'm having an issue with an "admin login" that I've been trying to make work. If you guys can check out my code to see what's going on, it would be very helpful. All of the names match what's in MySQL. The error keeps coming up saying I don't have the correct username/password... but I do!

<?php

if (isset($_POST['login'])){    

$con = mysql_connect("localhost", "dxhxxx", "tcqxxx");
if (!$con){
die("Cannot connect:" . mysql_error()); 
}

mysql_select_db("dxh6110",$con);

$userName = $_POST['username'];
$passWord = $_POST['password'];

$sql = "select * from Churchadmin where username='$userName' AND      password='$passWord'";
mysql_query($sql,$con);

if(mysqli_num_rows($run)>0){

    $_SESSION['username']=$userName;
    $_SESSION['password']=$passWord;
    //if all information is good you will go to the next page
    echo "<script>window.open('view_prayers.php','_self')</script>";

    }
    //if password or username is wrong this will give them an alert
    else{
    echo "<script>alert('Admin details are incorrect!')</script>";
    }

}

mysql_close($con);

?>

1 Reply


Firstly, you're mixing MySQL libraries with mysqli_num_rows; use mysql_num_rows.

  • Those different MySQL functions do not intermix with each other.

You also need to start the session if you haven't already.

Make sure also that your form elements contain name attributes.

I.e.: <input type="text" name="username"> etc.

Then this line:

mysql_query($sql,$con);

if(mysqli_num_rows($run)>0){

that should read as

$run = mysql_query($sql,$con);

if(mysql_num_rows($run)>0){

  • There is no $run variable defined for it.

  • Error reporting would have thrown you an Undefined variable run... notice.

You may also change

$run = mysql_query($sql,$con);

to

$run = mysql_query($sql,$con) or die(mysql_error($con));

  • In order to see if your query failed.

I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

Plus, in regards to SQL injection, use mysqli with prepared statements, or PDO with prepared statements; they're much safer.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.
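
An added example, not part of the original answer or the asker's code: the login check the answer recommends, using PDO prepared statements with password_hash()/password_verify() and a session that stores only the username. The in-memory SQLite database, the sample account and the checkAdminLogin() helper are assumptions made so the script runs on its own; against MySQL only the PDO DSN and credentials change.

```php
<?php
// Added example. An in-memory SQLite database stands in for the MySQL
// server so the script runs offline (assumption, not the asker's setup).
if (PHP_SAPI !== 'cli') {
    session_start(); // must run before any output is sent
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Churchadmin (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample account: only the password_hash() output is stored.
$insert = $pdo->prepare('INSERT INTO Churchadmin (username, password) VALUES (?, ?)');
$insert->execute(['admin', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

// Hypothetical helper: true only if the user exists and the password
// matches the stored hash.
function checkAdminLogin(PDO $pdo, string $userName, string $passWord): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM Churchadmin WHERE username = ?');
    $stmt->execute([$userName]);
    $hash = $stmt->fetchColumn(); // false when no row matched

    return $hash !== false && password_verify($passWord, $hash);
}

// Constructed inputs; in the real form these come from $_POST.
$attempts = [
    ['admin', 'correct horse battery'], // valid credentials
    ['admin', 'wrong password'],        // wrong password
    ["o'neil", 'anything'],             // quote is bound as data, not parsed as SQL
];

foreach ($attempts as [$userName, $passWord]) {
    $ok = checkAdminLogin($pdo, $userName, $passWord);
    if ($ok && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // fresh session ID after login
        $_SESSION['username'] = $userName; // never keep the password in the session
    }
    echo $userName, ': ', $ok ? 'login accepted' : 'login rejected', PHP_EOL;
}
```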

