Эй, ребята, у меня проблема. Я не получаю сообщение об ошибке, если имя входа неверно, просто пустой div, но я могу обнаружить неправильный пароль, если имя пользователя верное.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en" > <head> <title>Login | JM Today </title> <link href="Mainstyles.css" type="text/css" rel="stylesheet" /> </head> <body> <div class="container"> <?php include("header.php"); ?> <?php include("navbar.php"); ?> <?php include("cleanquery.php") ?> <div id="wrap"> <?php $conn=mysql_connect("localhost", "***", "***") or die(mysql_error()); mysql_select_db('jmtdy', $conn) or die(mysql_error()); $check=checklogin(); if($check == true){ confirmcookie($_SESSION['username'], $_SESSION['password']); } function checklogin() { if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; return true; } elseif(isset($_POST['sublogin'])){ if((strlen($_POST['user']) > 0) && (strlen($_POST['pass']) > 0)){ $user= mysql_real_escape_string($_POST['user']); $pass= mysql_real_escape_string($_POST['pass']); $result=mysql_query("select password from users where username='$user' and active='1'"); $dbArray=mysql_fetch_array(mysql_query("select username from users where username='$user' and active='1'")) or die(mysql_error()); $dbArray['username']= mysql_real_escape_string($dbArray['username']); if($dbArray['username'] != $user){ $msg='<p class="statusmsg">The username you entered is incorrect, or you haven\'t yet activated your account. Please try again.</p><br/>'; $status="NOTOK"; } } else{ $msg=$msg.'<p class="statusmsg">You didn\'t fill in the required fields.</p><br/>'; $status="NOTOK"; } if($status != "NOTOK"){ $dbArray=mysql_fetch_array($result) or die(mysql_error()); $dbArray['password']=mysql_real_escape_string($dbArray['password']); if($dbArray['password'] == $pass){ $_SESSION['username']=$user; $_SESSION['password']=$password; } else{ $msg=$msg.'<p class="statusmsg">The password you entered is incorrect.</p>'; $status="NOTOK"; } if(isset($_POST['remember']) && $status!="NOTOK"){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); } } if($status=="NOTOK"){ echo $msg . '<input type="button" value="Retry" onClick="location.href='."'login.php'\">"; } else{ echo '<p class="statusmsg"> You have succesfully logged in! </p>'; } } else{ echo '<p class="statusmsg"> You came here by mistake, didn\'t you? </p>'; } } function confirmcookie($username, $password){ $result = mysql_query("select password from users where username = '$username'"); if(!$result || (mysql_num_rows($result) < 1)){ unset($_SESSION['username']); unset($_SESSION['password']); $msg=$msg.'<p class="statusmsg">The username you entered is incorrect or you have set an incorrect cookie</p>'; $status="NOTOK"; } $dbarray = mysql_fetch_array($result) or die(mysql_error()); $dbarray['password'] = cleanQuery($dbarray['password']); $password = cleanQuery($password); if($password!=$dbarray['password']){ unset($_SESSION['username']); unset($_SESSION['password']); $msg=$msg.'<p class="statusmsg">The password you entered is incorrect or you have set an incorrect cookie.</p>'; $status="NOTOK"; } if($status == "NOTOK" ){ echo $msg; } else{ header('Refresh: 5; URL="homepage.php"'); } } ?> </div> <br/> <br/> <?php include("footer.php") ?> </div> </body> </html>
Вы предполагаете, что вы всегда получаете набор результатов для
select password from users where username='$user' and active='1'
нет ветви, если это не так.
Оставьте все, если
mysql_num_rows($result)
возвращает 0