您的位置: 首页  >  技术问答  >  这是一个简单的登录页面,某处代码无法在php中工作[关闭]

这是一个简单的登录页面,某处代码无法在php中工作[关闭]

分类: 技术问答 2022-03-14 11:20:53

这是一个简单的登录页面,某处代码无法在php中工作[关闭]

问题描述:

This is my php code for a login form. Please help i check my code 4-5 time but did not reach out the problem here. The problem is that my if block is executed successfully but else part is not working. I don't what is happening here. Please tell me why my code is not executed properly.

HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
    <form method="post">
        <table>
        <tr><td>User<input type="text" name="fuser"/></td></tr>
        <tr><td>Password<input type="password" name="fpassword"/></td></tr>
        <tr><td><a href="#">Lost Password</a>&nbsp;<a href="form.php">Create new Account</a></td></tr>
        <tr><td><input type="submit" name="fsubmit" value="Login"/></td></tr>
        </table>
    </form>
</body>
</html>

PHP

<?php
if(isset($_POST['fsubmit']))
{
    $hostname="localhost";
    $username="root";
    $dbpassword="";
    $db="php";

    $user=$_POST['fuser'];
    $password=$_POST['fpassword'];

    mysql_connect($hostname, $username, $dbpassword) or die("Server not Found, May be connection lost somewhere.");

    mysql_select_db($db) or die("Error Established, Database Not Connected.");

    $query="select * from register where user='$user' and password='$password'";

    $rs=mysql_query($query) or die("Query not Executed, Some Fault.");

    while($r=mysql_fetch_assoc($rs))
    {
        if($user==$r['user'] && $password==$r['password'])
        {
            echo "<script>alert('You Are Login Successfully.')</script>";
            echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
            header("Refresh:3; URL=dashboard.php");
        }
        else
        {
            echo "<script>alert('Sorry Try Agian or Register First.')</script>";
            echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
            header("Refresh:1; URL=form.php");
        }
    }
}
?>

Solution:

  • Why do you have to compare the passed-on data with the fetched data of your query? It is too redundant, and that loop will slow the process. All you have to do is to use *_num_rows if there is a match.
  • Also consider using _real_escape_string() to sanitize POST data from your form before binding it in your query, or better yet, use prepared statement.
  • Your else statement will not work because when a user enters a credential that does not exist in your database, it will not enter the loop, which tends not to read the if-else statement.

Sample Code:

$user = mysql_real_escape_string($_POST['fuser']);
$password = mysql_real_escape_string($_POST['fpassword']);

$query = "SELECT * FROM register WHERE user = '$user' AND password = '$password'";
$rs = mysql_query($query) or die("Query not Executed, Some Fault.");

if(mysql_num_rows($rs) > 0){

    echo "<script>alert('You Are Login Successfully.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:3; URL=dashboard.php");

} else {

    echo "<script>alert('Sorry Try Agian or Register First.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:1; URL=form.php");

}

Prepared Statement:

Reminder: mysql_* API is deprecated, and recommend that you use mysqli_* instead.

Establish your connection first using mysqli_*:

$con = new mysqli("localhost", "root", "", "php");

if (mysqli_connect_errno()) {
    printf("Connect failed: %s
", mysqli_connect_error());
    exit();
}

Then, proceed to your code:

$user = $_POST['fuser'];
$password = $_POST['fpassword'];

$stmt = $con->prepare("SELECT * FROM register WHERE user = ? AND password = ?");
$stmt->bind_param("ss", $user, $password);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows > 0){

    echo "<script>alert('You Are Login Successfully.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:3; URL=dashboard.php");

} else {

    echo "<script>alert('Sorry Try Agian or Register First.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:1; URL=form.php");

}
$stmt->close();

Security:

Consider also encrypting your password when storing it in your database. I suggest you use at least password_hash.

相关推荐