1. 首頁
  2. 問答
  3. 用戶存在時登錄錯誤

用戶存在時登錄錯誤

2017-05-18 98 views
-2

我對我的登錄腳本有疑問。用戶存在時登錄錯誤

我已經使用PHP,看起來像這樣登錄腳本:

<?php 

include 'headermet.php'; 
include 'database.php'; 

session_start(); 

if(isset($_SESSION['user_id'])){ 
    header("Location: /"); 
} 

if(!empty($_POST['username']) && !empty($_POST['password'])): 

    $records = $conn->prepare('SELECT id,username,password FROM users WHERE username = :username'); 
    $records->bindParam(':username', $_POST['username']); 
    $records->execute(); 
    $results = $records->fetch(PDO::FETCH_ASSOC); 

    $message = ''; 

    if(count($results) > 0 && password_verify($_POST['password'], $results['password'])){ 

     $_SESSION['user_id'] = $results['id']; 

     header("Location: /"); 

    } else { 
     $message = 'ERROR while trying to login'; 
    } 

endif; 

?> 

<body> 

    <h1 style = "margin-top:100px;">LOGIN</h1> 
     <?php if(!empty($message)): ?> 
     <p><?= $message ?></p> 
    <?php endif; ?> 

    <form action="login.php"= method="POST"> 

     <input type="text" placeholder="Gebruikersnaam" name="username"> 
     <input type="password" placeholder="Wachtwoord" name="password"> 
     <input type="submit"> 

    </form> 
</body> 

<?php include 'footer.php';?>

在我添加了一個錯誤消息,如果憑據不正確的代碼。該消息是$message = 'ERROR while trying to login'; 使用sequelpro我加入的用戶名測試用戶:測試密碼:測試 enter image description here

當我填寫與形式:測試:測試我得到這個: enter image description here

來源

2017-05-18 kevin seda

+2

好然後做一些調試,找出它出錯...是否'$結果[ '密碼']'包含的值? 'count($ results)'實際上更大的零? (順便說一句,你正試圖在你做這個檢查的時候獲取一個結果行 - 沒什麼意義。)'password_verify'的返回值是多少? ...你知道,找出爲什麼我的劇本做它做的絕對的基礎... – CBroe

+0

你的php代碼是好的。檢查你的數據庫表或數據庫連接 –

回答

1

password_verify對我來說是新的。另一種做法是,如果數據庫中存在匹配項,則可以假定在返回行時登錄成功。因此:

首先通過密碼進入SELECT檢查

$records = $conn->prepare('SELECT id,username,password FROM users WHERE username = :username AND password = :password');

記住綁定密碼以及

$records->bindParam(':password ', $_POST['password']); //Rather encrypt password

這是很好的做法,加密後的註冊,然後將密碼再次輸入登錄密碼,輸入的密碼與數據庫中的密碼匹配。

然後檢查是否有行返回

$count = $records->rowCount(); // This will return the number of rows 

    if($count > 0) //This will cause issue if more than one row is returned but illustrates the point. 
    { 
     $_SESSION['user_id'] = $results['id']; 
     header("Location: /"); 
    }

來源

2017-05-18 09:05:39

1

首先登錄腳本是不安全的u需要學習如何使用MD5或他人encrpt密碼..我prefe u使用此,並按照d步驟

<?php 
 
if (isset($_POST['save'])){ 
 
session_start(); 
 
if(isset($_SESSION['SESS_MEMBER_ID']) && $_SESSION['SESS_MEMBER_ID']!=''){header("Location:home.php");} 
 
$dbh=new PDO('mysql:dbname=dbname;hostdbhost', 'dbusername', 'dbpassword');/*Change The Credentials to connect to database.*/ 
 
$username=$_POST['username']; 
 
$password =(md5($_POST['pass'])); /*Encrpt your password with md5.*/ 
 
if(isset($_POST) && $username!='' && $password!=''){ 
 
$sql=$dbh->prepare("SELECT id,password,username FROM tablename WHERE username=?"); 
 
$sql->execute(array($username)); 
 
while($r=$sql->fetch()){ 
 
    $p=$r['password']; 
 
    $u=$r['username']; 
 
} 
 

 
if($p==$password){ 
 
      $_SESSION['SESS_MEMBER_ID']=$id; 
 
      $_SESSION['SESS_USERNAME'] = $u; 
 

 
    header("Location:home"); 
 
}else{ 
 
    header("Location: login.php?error=1"); 
 
} } 
 
} 
 

 
?> 
 

 

 
<form method="post" enctype="multipart/form-data"> 
 
\t \t \t \t \t \t <div> 
 
\t \t \t \t \t \t \t <span>Username<label>*</label></span> 
 
\t \t \t \t \t \t 
 
\t \t \t \t <input type="text" name="username" required> 
 
\t \t \t \t \t \t </div> 
 
\t \t \t \t \t \t <div> 
 
\t \t \t \t \t \t \t <span>Password<label>*</label></span> 
 
\t \t \t \t \t \t \t <input type="password" name="pass" required> 
 
\t \t \t \t \t \t </div> 
 
\t \t \t \t \t \t 
 
\t \t \t \t \t \t <input type="submit" name="save" value="Login"> 
 
\t \t \t \t \t </form>

來源

2017-05-18 09:20:43

相關問題

 相關問題