即使我输入了数据库中正确的密码和用户名,我的管理员登录屏幕也无法正常工作,但似乎没有人可以帮助解决我的问题,这是我的管理员登录代码
<?php
session_start();
include('../config/dbconn.php');
if($_SERVER["REQUEST_METHOD"] == "POST"){
$user_unsafe=$_POST['username'];
$pass_unsafe=$_POST['password'];
$user = mysqli_real_escape_string($dbconn,$user_unsafe);
$pass1 = mysqli_real_escape_string($dbconn,$pass_unsafe);
$pass=md5($pass1);
$salt="a1Bz20ydqelm8m1wql";
$pass=$salt.$pass;
date_default_timezone_set('Asia/Manila');
$date = date("Y-m-d H:i:s");
$query=mysqli_query($dbconn,"SELECT * FROM `admin` WHERE username='$user' AND password='$pass'");
$res=mysqli_fetch_array($query);
$id=$res['user_id'];
if (mysqli_num_rows($query)<1){
$_SESSION['msg']="Login Failed, User not found!";
header('Location:admin_login_page.php');
}
else{
$res=mysqli_fetch_array($query);
$_SESSION['id']=$res['user_id'];
header('Location: admin_index.php');
$_SESSION['id']=$id;
$remarks="has logged in the system at ";
mysqli_query($dbconn,"INSERT INTO logs(user_id,action,date) VALUES('$id','$remarks','$date')")or die(mysqli_error($dbconn));
}
}
?>
最佳答案
您要调用mysqli_fetch_array两次-一次在if之前,一次在else块中。由于查询最多应返回一行,因此第二次提取将失败。
附带说明一下,在构造SQL查询时,不应使用字符串操作,因为这样会使代码容易受到SQL注入攻击。您应该考虑使用prepared statement代替。