php用户登录为什么只能使用第一个用户登录,而之后创建的用户则显示不存在用户,数据库里则有创的用户。
<?phpsession_start();include("conn/conn.php");$username=$_POST['username'];$password=...
<?php
session_start();
include("conn/conn.php");
$username=$_POST['username'];
$password=$_POST['password'];
$sql="select * from tb_admin";
$query=mysql_query($sql);
$row=mysql_fetch_array($query);
if ($row['username']==$username){
if ($row['password']==$password){
$_SESSION['username']=$username;
echo "<script language='javascript'>alert('登陆成功!');location='default.php';</script>";
}
else {
echo "<script language='javascript'>alert('用户密码错误!');location='login.php';</script>";
}
}
else {
echo "<script language='javascript'>alert('用户名不存在!');location='login.php';</script>";
}
?> 展开
session_start();
include("conn/conn.php");
$username=$_POST['username'];
$password=$_POST['password'];
$sql="select * from tb_admin";
$query=mysql_query($sql);
$row=mysql_fetch_array($query);
if ($row['username']==$username){
if ($row['password']==$password){
$_SESSION['username']=$username;
echo "<script language='javascript'>alert('登陆成功!');location='default.php';</script>";
}
else {
echo "<script language='javascript'>alert('用户密码错误!');location='login.php';</script>";
}
}
else {
echo "<script language='javascript'>alert('用户名不存在!');location='login.php';</script>";
}
?> 展开
3个回答
展开全部
登录这么验证,你那样肯定是错的。就两个表:一个t_admin,一个t_session表。
db.conf这个的:
db.conf
{
"type":"mysql",
"host":"ip",
"port":3306,
"username":"root",
"password":"root"
}
<?php
function getDbConnection($conf="../conf/db.conf")
{
$c = file_get_contents($conf);
if(!$c){
throw newException("get conf failed:" . $conf);
}
$dbconf = json_decode($c,true);
if($dbconf["type"] !="mysql")
{
throw new Exception("db type" . $dbconf["type"] . " not support yet",-1);
}
$port = $dbconf['port'];
if(!$port){
$port = '3306';
}
$db = mysql_connect($dbconf['host'] . ':' .$port,
$dbconf['username'],
$dbconf['password']);
if(!$db){
throw new Exception(mysql_error());
}
return $db;
}
function login(){
$usr = $_REQUEST['name'];
$pwd = $_REQUEST['pwd'];
if(!$usr || !$pwd){
return '{code:-1,msg:"useror pwd not correct"}';
}
$db = getDbConnection();
$usr = mysql_escape_string($usr);
$pwd = mysql_escape_string($pwd);
$sql = 'select user_name,password,authfrom db_stat.t_admin where user_name = "'
. $usr . '" and password ="'
. $pwd . '"';
$rlt = mysql_query($sql) ;
if(!$rlt){
$ret =array("code"=>-1,"msg"=>mysql_error());
return json_encode($ret);
}
$rows = array();
while($row =mysql_fetch_array($rlt,MYSQL_NUM)){
array_push($rows,$row);
}
mysql_free_result($rlt);
if(count($rows) != 1){
return '{code:-1,msg:"user or pwdnot correct"}';
}
$sk = md5($usr . $pwd . time());
$ip = $_SERVER["REMOTE_ADDR"];
$sql = 'insert db_stat.t_sessions(user_name,tocken,login_time,update_time,ip) values("'
. $usr . '","'
. $sk . '",'
. time() . ','
. time() . ',"'
. $ip . '") on duplicate keyupdate '
. 'tocken="' . $sk . '",'
. 'login_time=' . time() . ','
. 'update_time=' . time() . ','
. 'ip="' . $ip . '"';
if(!mysql_query($sql)){
$ret =array("code"=>-1,"msg"=>mysql_error());
return json_encode($ret);
}
mysql_close();
$ret =array("code"=>0,"msg"=>"success","auth"=>$rows[0][2]);
$et = time() + 7 * 24 * 3600;
setcookie('usr',$usr,$et,"/");
setcookie('sk',$sk,$et,"/");
return json_encode($ret);
}
function verify(){
if(!isset($_COOKIE['usr']) ||!isset($_COOKIE['sk'])){
return'{code:-1,msg:"verify failed"}';
}
$db = getDbConnection();
$usr =mysql_escape_string($_COOKIE['usr']);
$sk =mysql_escape_string($_COOKIE['sk']);
$sql = 'select login_time from
db_stat.t_sessions where user_name = "' . $usr . '" and tocken =
"' . $sk . '"';
$rlt = mysql_query($sql) ;
if(!$rlt){
mysql_close();
$ret =array("code"=>-1,"msg"=>mysql_error());
return json_encode($ret);
}
$rows = array();
while($row = mysql_fetch_array($rlt,MYSQL_NUM)){
array_push($rows,$row);
}
mysql_free_result($rlt);
if(count($rows) != 1){
mysql_close();
return '{code:-1,msg:"user or pwdnot correct"}';
}
$loginTime = $rows[0][0];
return '{code:0,msg:"success"}';
}
try{
if($_REQUEST['act'] =="login"){
echo login();
}
else if($_REQUEST['act'] =="verify"){
echo verify();
}
}
catch(Exception$e){
$ret =array("code"=>-1,"msg"=>$e->getMessage());
echo json_encode($ret);
}
db.conf这个的:
db.conf
{
"type":"mysql",
"host":"ip",
"port":3306,
"username":"root",
"password":"root"
}
<?php
function getDbConnection($conf="../conf/db.conf")
{
$c = file_get_contents($conf);
if(!$c){
throw newException("get conf failed:" . $conf);
}
$dbconf = json_decode($c,true);
if($dbconf["type"] !="mysql")
{
throw new Exception("db type" . $dbconf["type"] . " not support yet",-1);
}
$port = $dbconf['port'];
if(!$port){
$port = '3306';
}
$db = mysql_connect($dbconf['host'] . ':' .$port,
$dbconf['username'],
$dbconf['password']);
if(!$db){
throw new Exception(mysql_error());
}
return $db;
}
function login(){
$usr = $_REQUEST['name'];
$pwd = $_REQUEST['pwd'];
if(!$usr || !$pwd){
return '{code:-1,msg:"useror pwd not correct"}';
}
$db = getDbConnection();
$usr = mysql_escape_string($usr);
$pwd = mysql_escape_string($pwd);
$sql = 'select user_name,password,authfrom db_stat.t_admin where user_name = "'
. $usr . '" and password ="'
. $pwd . '"';
$rlt = mysql_query($sql) ;
if(!$rlt){
$ret =array("code"=>-1,"msg"=>mysql_error());
return json_encode($ret);
}
$rows = array();
while($row =mysql_fetch_array($rlt,MYSQL_NUM)){
array_push($rows,$row);
}
mysql_free_result($rlt);
if(count($rows) != 1){
return '{code:-1,msg:"user or pwdnot correct"}';
}
$sk = md5($usr . $pwd . time());
$ip = $_SERVER["REMOTE_ADDR"];
$sql = 'insert db_stat.t_sessions(user_name,tocken,login_time,update_time,ip) values("'
. $usr . '","'
. $sk . '",'
. time() . ','
. time() . ',"'
. $ip . '") on duplicate keyupdate '
. 'tocken="' . $sk . '",'
. 'login_time=' . time() . ','
. 'update_time=' . time() . ','
. 'ip="' . $ip . '"';
if(!mysql_query($sql)){
$ret =array("code"=>-1,"msg"=>mysql_error());
return json_encode($ret);
}
mysql_close();
$ret =array("code"=>0,"msg"=>"success","auth"=>$rows[0][2]);
$et = time() + 7 * 24 * 3600;
setcookie('usr',$usr,$et,"/");
setcookie('sk',$sk,$et,"/");
return json_encode($ret);
}
function verify(){
if(!isset($_COOKIE['usr']) ||!isset($_COOKIE['sk'])){
return'{code:-1,msg:"verify failed"}';
}
$db = getDbConnection();
$usr =mysql_escape_string($_COOKIE['usr']);
$sk =mysql_escape_string($_COOKIE['sk']);
$sql = 'select login_time from
db_stat.t_sessions where user_name = "' . $usr . '" and tocken =
"' . $sk . '"';
$rlt = mysql_query($sql) ;
if(!$rlt){
mysql_close();
$ret =array("code"=>-1,"msg"=>mysql_error());
return json_encode($ret);
}
$rows = array();
while($row = mysql_fetch_array($rlt,MYSQL_NUM)){
array_push($rows,$row);
}
mysql_free_result($rlt);
if(count($rows) != 1){
mysql_close();
return '{code:-1,msg:"user or pwdnot correct"}';
}
$loginTime = $rows[0][0];
return '{code:0,msg:"success"}';
}
try{
if($_REQUEST['act'] =="login"){
echo login();
}
else if($_REQUEST['act'] =="verify"){
echo verify();
}
}
catch(Exception$e){
$ret =array("code"=>-1,"msg"=>$e->getMessage());
echo json_encode($ret);
}
追问
我用户登录可以使用,但只能读取数据库第一个用户,后添加的不行。
展开全部
没见过这样做用户登录的
$sql = "select * from tb_admin where username = '".$username."' and password = '".$password."'";
echo $sql;
这样做
$sql = "select * from tb_admin where username = '".$username."' and password = '".$password."'";
echo $sql;
这样做
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询