UC知道求助 php中session验证用户登录的使用```
来源:百度知道 编辑:UC知道 时间:2024/05/18 00:43:40
高手介绍一下下面的session的使用详解,表的用户名,密码都不能登录,如果去悼session值,便可以登陆,请高手指点指点这是什么问题!~或是表建错了吗?应该怎么解决
<?php
session_start();
include("dbconnect.inc.php");
if($_GET["do"]=="logout") {
session_unset();
header("Location:index.php");
}
if($_GET["do"] == "1") {
$username = mysql_real_escape_string($_POST["username"]);
$password = $_POST["password"];
$message = "";
if($username == "") {
$message .= "用名不能为空<br />";
}
if($password == "") {
$message .= "密码不能为空<br />";
}
if($message == "") {
$sql = "select * from user where username='{$username}' and leves='admin' limit 1";
if($res=mysql_query($sql)) {
$row = mysql_fetch_array($res);
if(md5($password) == $row["password"]
<?php
session_start();
include("dbconnect.inc.php");
if($_GET["do"]=="logout") {
session_unset();
header("Location:index.php");
}
if($_GET["do"] == "1") {
$username = mysql_real_escape_string($_POST["username"]);
$password = $_POST["password"];
$message = "";
if($username == "") {
$message .= "用名不能为空<br />";
}
if($password == "") {
$message .= "密码不能为空<br />";
}
if($message == "") {
$sql = "select * from user where username='{$username}' and leves='admin' limit 1";
if($res=mysql_query($sql)) {
$row = mysql_fetch_array($res);
if(md5($password) == $row["password"]
代码没有问题。你所谓的“如果去悼session值”是去掉哪一段代码?试试这一行改一下。
if(md5($password) == $row["password"]) {
改成
if($password == $row["password"]) {
<?php
session_start();
include("config.inc.php");
include("dbconnect.inc.php");
if($_GET["do"]=="logout") {
session_unset();
header("Location:index.php");
}
if($_GET["do"] == "1") {
$username = mysql_real_escape_string($_POST["username"]);
$password = $_POST["password"];
$message = "";
if($username == "") {
$message .= "用名不能为空<br />";
}
if($password == "") {
$message .= "密码不能为空<br />";
}
if($message == "") {
$sql = "select * from user where username='{$username}' and leves='admin' limit 1&quo