不使用密码和用户名登录

阿里什马

我可以在不提供密码和用户名的情况下登录我的用户页面和管理页面。选择usertype并单击“登录”时,两者都才能获得LoggedIn。这是我的 login.php 代码

<?php
$servername="SERVER";
$username="USER";
$password="PWD";
$dbname="DB";
$conn = mysqli_connect($servername, $username, $password, $dbname);
echo("conneciton");
if(isset($_POST['Login'])){
$user=$_POST['user'];
$pass = $_POST['pass'];
$usertype=$_POST['usertype'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' and usertype='".$usertype."'";
$result = mysqli_query($conn, $query);
if($result){
while($row=mysqli_fetch_array($result)){
echo'<script type="text/javascript">alert("you are login successfully and you are logined as ' .$row['usertype'].'")</script>';

}
if($usertype=="admin"){
?>
<script type="text/javascript">
window.location.href="index.php"</script>
<?php

}else{
?>
<script type="text/javascript">
window.location.href="user.php"</script>
<?php

}
}else{
echo 'no result';
}
}

?>


<html>

<head>
<!-- title and meta -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>admin</title>
   <!-- /title and meta -->
   <script src="js/jquery.js"></script>
    <!-- Bootstrap -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->

    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="js/bootstrap.min.js"></script>
     <link href="css/adminindex.css" rel="stylesheet"> 
</head>
<body class='bg-image'>
    <center><div class="col-md-4 col-sm-4 col-xs-10 formclass">
<form action="" method="post" name="Login_Form">
 <table>
<tr>
      <td colspan="2" align="left" valign="top"><h3>Login</h3></td>
    </tr>
    <tr>
<td  valign="top">Username:</td><td><input type="text" name="user" placeholder="enter your username"
 </td>
</tr>
<tr>
<td >Password:</td><td><input type="text" name="pass" placeholder="enter your password"</td>
</tr>
<tr>
<td>
Select user type:</td><td> <select name="usertype">

<option value="admin">admin</option>
<option value="user">user</option>
</select>
</td>
</tr>
<tr>
<td><input type="submit" name="Login" value="Login"></td>
</tr>
</table>
       </form>   </div>

 </center>
</body>
</html>

我的数据库表名是 multiuserlogin 列是用户名密码 usertype 请帮助我,我需要验证我的用户名密码,然后才能登录

罗宾·吉利策

你的 if 语句

if($result){

始终为真,因为它包含查询而不是结果。因此,您以您选择的用户类型登录。

调整数据库信息并尝试一下:

$conn = new mysqli("SERVER", "USER", "PWD", "DB");

if (!$conn->connect_error) {
  echo("connected");

  if(isset($_POST['Login'])){
    $user = $_POST['user'];
    $pass = $_POST['pass'];

    $query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' LIMIT 1";
    $result = $conn->query($query);
    $logged_user = $result->fetch_array(MYSQLI_ASSOC);
    $conn->close();

    if(is_array($logged_user) && $logged_user['username'] == $user)  {
      echo '<script type="text/javascript">alert("you are login successfully and you are logined as ' . $logged_user['usertype'] .'")</script>';
      if($logged_user['usertype'] == "admin"){
        echo '<script type="text/javascript">window.location.href="index.php"</script>';
      } else {
        echo '<script type="text/javascript">window.location.href="user.php"</script>';
      }
    } else {
    echo 'no result';
    }
  }
}

不要忘记验证以防止 SQL 注入。

本文收集自互联网,转载请注明来源。

如有侵权,请联系 [email protected] 删除。

编辑于
0

我来说两句

0 条评论
登录 后参与评论

相关文章