问题描述:

I design a log in page and i want to match the username and password with saved data from database and open the dashboard page here is my html code.

> <form class="m-t" role="form" method="post" action="dashboard_4.html">

> <div class="form-group">

> <input type="email" class="form-control" placeholder="Username" class="form-control" required=""

> name="logemail">

> </div>

> <div class="form-group">

> <input type="password" class="form-control" placeholder="Password" class="form-control" required=""

> name="logpass">

> </div>

> <button type="submit" class="btn btn-primary block full-width m-b" id="login" name ="submit">Login</button>

>

> <a href="login.html#"><small>Forgot password?</small></a>

> <p class="text-muted text-center"><small>Do not have an account?</small></p>

> <a class="btn btn-sm btn-white btn-block" href="register.html">Create an account</a>

> </form>

and here is my php code:

<?php

$servername = "localhost";

$username = "sehnoqta_userbmc";

$password = "u?gQ=uS%t;a?";

$dbname = "sehnoqta_bmc";

if(isset($_POST['submit']))

{

$username = $_POST['logemail'];

$password = $_POST['logpass'];

$con=mysqli_connect("localhost","sehnoqta_userbmc","?gQ=uS%t;a?","rsehnoqta_bmc");

// Check connection

if (mysqli_connect_errno())

{

echo "Failed to connect to MySQL: " . mysqli_connect_error();

}

$qz = "SELECT * FROM regis where email1='".$username."' and password3='".$password."'" ;

$qz = str_replace("\'","",$qz);

$result = mysqli_query($con,$qz);

$row = mysqli_num_rows($result);

if($row == 1)

{

header("location:new_page.php");

exit();

}

mysqli_close($con);

}

?>

but it open the page even i type the username and password incorrect, is there any problem with my code or any....

网友答案:

You are using different variables to your connection. Use same username and passwords, otherwise you will have access denied. I just removed your css and simplified few things. (note: this is a solution for the mentioned question with its code provided. It is not a solution for data expose and security reasons)

File: login.php

<html>
<head>
<meta charset="utf-8">
<title>LogIn.php</title>
</head>
<body align="center">

 <form name="form" method="post" action="dashboard_4.php">
    <div >
        <input type="email" placeholder="Username" name="logemail">
    </div>

    <div >
        <input type="password" placeholder="Password" name="logpass">
    </div>

    <button type="submit" id="login" name ="submit">Login</button>

    <a ><small>Forgot password?</small></a>
    <p ><small>Do not have an account?</small></p>
    <a >Create an account</a>
</form>
</body>
</html>

File dashboard_4.php

<?php
    $servername = "localhost";
    $username = "sehnoqta_userbmc";
    $password = "u?gQ=uS%t;a?";
    $dbname = "sehnoqta_bmc";

    $con = mysqli_connect("localhost","sehnoqta_userbmc","u?gQ=uS%t;a?","sehnoqta_bmc");
    // Check connection
    if (mysqli_connect_errno()){
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    if(isset($_POST['submit'])){
        $username = $_POST['logemail'];
        $password = $_POST['logpass'];

        $qz = "SELECT * FROM regis WHERE email1='$username' and password3='$password' ";
        //echo $qz."<br/>";

        $result = mysqli_query($con,$qz);

        //$temp=mysqli_fetch_assoc($result);
        //echo $temp['email1']." ".$temp['password3'];;

        $row = mysqli_num_rows($result);
        if($row == 1){
            header("location:new_page.php");
            exit();
        }//else {echo "no record combination";}
        mysqli_close($con);
    }
?>
网友答案:

why dont you try:

<?php  
$servername = "localhost";
$username = "sehnoqta_userbmc";
$password = "u?gQ=uS%t;a?";
$dbname = "sehnoqta_bmc";

if(isset($_POST['submit']))
{
$username = htmlspecialchars($_POST['logemail']);
$password = htmlspecialchars ($_POST['logpass']);

$con=mysqli_connect("localhost","sehnoqta_userbmc","?gQ=uS%t;a?","rsehnoqta_bmc");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$username = mysqli_real_escape_string($con , $username);
$password = mysqli_real_escape_string($con , $password);
$qz = "SELECT * FROM `regis` where `email1` = '$username' and `password3` ='$password'" ; 

$result = mysqli_query($con,$qz);
$row = mysqli_num_rows($result);
if($row == 1)
  {
  header("location:new_page.php");
exit();
  }
mysqli_close($con);
}
?>
相关阅读:
Top