0
我是PHP新手,我創建了一個登錄方法。當我提交的數據,即使該值不匹配「如果」正在執行PHP登錄 - 如果聲明執行即使沒有匹配
聲明我的代碼:
<?php
// include db configuration
include("./config.php");
// converting data to JSON
$data = json_decode(file_get_contents("php://input"));
//assigning input to variables
$user_name = $data->user_name;
$password = hash('sha256', $data->password);
$tokenUser = hash('sha256', $data->user_name);
//checking username and password
$getUserInfo = $db->query("SELECT user_name FROM user WHERE user_name='$user_name' AND password='$password'");
//getting user information
$getUserInfo = $getUserInfo->fetchAll();
$token;
if (count($getUserInfo == 1))
{
//creating a token for user authentication
$token = $tokenUser . " | " . uniqid() . uniqid() . uniqid();
$q = "UPDATE user SET token=:token WHERE user_name=:user_name AND password=:password";
$query = $db->prepare($q);
$execute = $query->execute(array(
":token" => $token,
":user_name" => $user_name,
":password" => $password
));
$response = array(
'user_name' => $user_name,
'token' => $token,
'access' => 'Granted'
);
echo json_encode($response);
}
else
{
$error = array(
'status' => 'error',
'message' => 'Username or Password is invlid'
);
echo json_encode($error);
}
?>
如何驗證這一點,是代碼正確的,需要一些澄清
'if(count($ getUserInfo == 1))'應該如下:if(count($ getUserInfo)== 1)' – hassan
@HassanAhmed - 您應該將它作爲答案發布。 –
您對用戶名和密碼進行了哈希處理?爲什麼?用戶名通常不被認爲是敏感的。 – GordonM