<?php session_start();
$conn=mysql_connect("localhost","admin","admin") or die ("数据库链接错误".mysql_error());
mysql_select_db('member',$conn) or die("选择数据库有错".mysql_error()); define(ALL_PS, "php123");if($_POST[submit])
{
$username=str_replace(" ","",$_POST[username]);
$sql="select * from user_list where 'username' ='$username'";
$query=mysql_query($sql);
$ps = $us ? md5($_POST[password].ALL_PS)==$row[password] : FALSE;if($ps){
$_SESSION[uid]=$row[uid];
$_SESSION[user_shell]=md5($row[username].$row[password].ALL_PS);
echo "ok";
}else{
echo "no";
}}?><form action="" method="post"">
用户:<input type="text" name="user" /><br />
密码:<input type="password" name="password" /><br />
<input type="submit" name="submit" value="tttt" />
</form>
总是输出no
$conn=mysql_connect("localhost","admin","admin") or die ("数据库链接错误".mysql_error());
mysql_select_db('member',$conn) or die("选择数据库有错".mysql_error()); define(ALL_PS, "php123");if($_POST[submit])
{
$username=str_replace(" ","",$_POST[username]);
$sql="select * from user_list where 'username' ='$username'";
$query=mysql_query($sql);
$ps = $us ? md5($_POST[password].ALL_PS)==$row[password] : FALSE;if($ps){
$_SESSION[uid]=$row[uid];
$_SESSION[user_shell]=md5($row[username].$row[password].ALL_PS);
echo "ok";
}else{
echo "no";
}}?><form action="" method="post"">
用户:<input type="text" name="user" /><br />
密码:<input type="password" name="password" /><br />
<input type="submit" name="submit" value="tttt" />
</form>
总是输出no
在你的代码中 $ps 没有机会为真,所以只能输出 no代码中唯一对 $ps 赋值的地方是
$ps = $us ? md5($_POST[password].ALL_PS)==$row[password] : FALSE;
由于 $us 没有被赋值,所以 $ps 只能为 FALSEif($_POST[submit])
{
$username=str_replace(" ","",$_POST[username]);
$sql="select * from user_list where 'username' ='$username'";
$query=mysql_query($sql);
$ps = $us ? md5($_POST[password].ALL_PS)==$row['password'] : FALSE;
应写作:
if($_POST['submit'])
{
$username=str_replace(" ","",$_POST['username']);
$sql="select * from user_list where `username` ='$username'";
$query=mysql_query($sql);
$row = mysql_fetch_assoc($query);
$ps = $row['username'] ? md5($_POST['password'].ALL_PS)==$row[password] : FALSE;
{
$username=str_replace(" ","",$_POST[username]);
$sql="select * from user_list where 'username' ='$username'";
$query=mysql_query($sql);
$us = is_array($row=mysql_fetch_array($query));
$ps = $us ? md5($_POST[password].ALL_PS)==$row[password] : FALSE;if($ps){
$_SESSION[uid]=$row[uid];
$_SESSION[user_shell]=md5($row[username].$row[password].ALL_PS);
echo "ok";
}else{
echo "no";
}}
session_start();
$conn=mysql_connect("localhost","admin","admin") or die ("数据库链接错误".mysql_error());
mysql_select_db('member',$conn) or die("选择数据库有错".mysql_error()); define(ALL_PS, "php123");if($_POST['submit'])
{
$username=str_replace(" ","",$_POST['username']);
$sql="select * from user_list where `username` ='$username'";
$query=mysql_query($sql); $row = mysql_fetch_assoc($query);
$ps = $row['username'] ? md5($_POST['password'].ALL_PS)==$row[password] : FALSE;if($ps){
$_SESSION[uid]=$row[uid];
$_SESSION[user_shell]=md5($row[username].$row[password].ALL_PS);
echo "ok";
}else{
echo "no";
}}?><form action="" method="post"">
用户:<input type="text" name="user" /><br />
密码:<input type="password" name="password" /><br />
<input type="submit" name="submit" value="tttt" />
</form>
这样也不行啊。
你一个一个试,永远也找不到原因的
你先一步步把你的值用var_dump打印出来,看看结果吧
我们只是帮你分析出可能的原因
$sql="select * from user_list where 'username' ='$username'";
$query=mysql_query($sql);
$us = is_array($row=mysql_fetch_array($query));
把你修改后的HTML和PHP全贴出来。
<?php
error_reporting(0);
/*
* Created on 2013-1-22
*
* To change the template for this generated file go to
* Window - Preferences - PHPeclipse - PHP - Code Templates
*/
session_start();
$conn=mysql_connect("localhost","admin","admin") or die ("数据库链接错误".mysql_error());
mysql_select_db('member',$conn) or die("选择数据库有错".mysql_error()); define(ALL_PS, "php123");
?>
//user.php<?php
/*
* Created on 2013-1-22
*
* To change the template for this generated file go to
* Window - Preferences - PHPeclipse - PHP - Code Templates
*/
include("config.php");if($_POST[submit])
{
$username=str_replace(" ","",$_POST[username]);
//$sql="select * from user_list where username =`$username`";
$sql="select * from user_list where 'username' ='$username'";
$query=mysql_query($sql);
$us = is_array($row=mysql_fetch_array($query));
$ps = $us ? md5($_POST[password].ALL_PS)==$row[password] : FALSE;if($ps){
$_SESSION[uid]=$row[uid];
$_SESSION[user_shell]=md5($row[username].$row[password].ALL_PS);
echo "ok";
}else{
echo "no"."<br />";
echo var_dump($row);
}}?><form action="" method="post"">
用户:<input type="text" name="username" /><br />
密码:<input type="password" name="password" /><br />
<input type="submit" name="submit" value="tttt" />
</form>
就这两个代码。
数据库里的:
member
数据表 user_list
结构:uid m_id username password里面有两条测试数据
admin admin
明码的话用
$ps = $us ? $_POST['password']==$row['password'] : FALSE;
我是用的md5加密的啊 admin 21232f297a57a5a743894a0e4a801fc3
这句还是不行。但是$row有数据了
echo var_dump($row);
输出:array(8) { [0]=> string(1) "1" ["uid"]=> string(1) "1" [1]=> string(1) "1" ["m_id"]=> string(1) "1" [2]=> string(5) "admin" ["username"]=> string(5) "admin" [3]=> string(32) "21232f297a57a5a743894a0e4a801fc3" ["password"]=> string(32) "21232f297a57a5a743894a0e4a801fc3" } 全是还是不能输出OK
原来是这句:$ps = $us ? md5($_POST[password].ALL_PS)==$row[password] : FALSE; 返回的$PS值是FALSE
改成:$ps = $us ? md5($_POST[password])==$row[password] : FALSE; 这样就可以了
就是把.ALL_PS去掉?不过好像得在哪里改。
按照你这么说,是在你注册时 将用户写的密码在进行md5转码时没有加上ALL_PS