1. 首頁
  2. 問答
  3. 使用SQL檢查數據庫中是否存在用戶

使用SQL檢查數據庫中是否存在用戶

2014-05-23 103 views
0

我試圖檢查名爲members的表以查看用戶是否存在電子郵件和密碼。我可以連接到數據庫,但由於某種原因,即使我輸入了錯誤的電子郵件或密碼,它也會跳轉所有這些if語句和回聲'You have been logged in!'?這裏是HTML和PHP:使用SQL檢查數據庫中是否存在用戶

<form action="/login-user" method="POST"> 
    Email: <input type="text" name="login_email"><br> 
    Password: <input type="password" name="login_password"><br> 
    <button type="submit">Login</button> 
</form>

PHP:文件'user-functions.php'

<?php 
    session_start(); 
    /*error_reporting(0);*/ 

    require 'users/functions/user-functions.php'; 

    require 'users/connect-database.php'; 

    if (empty($_POST) === false) { 
     $email = mysqli_real_escape_string($connection, $_POST['login_email']); 
     $password = stripslashes(mysqli_real_escape_string($connection, $_POST['login_password'])); 
     $encrypted_password = md5($password); 
     if (empty($email)) { 
      echo 'You need to enter an email<br>'; 
     } else if (empty($password)) { 
      echo 'You need to enter a password<br>'; 
     } else if(user_exists($connection, $email, $encrypted_password) === false) { 
      echo 'You don\'t seem to be registered?'; 
     } else if (user_active($connection, $email, $encrypted_password) === false) { 
      echo 'You haven\'t activated your account!'; 
     } else { 
      $login = login($connection, $email, $encrypted_password); 
      if ($login === false) { 
       echo 'That email/password combination is incorrect'; 
      } else { 
       $_SESSION['user_id'] = $login; 
       $_SESSION['logged_in'] = true; 
       echo 'You have been logged in!'; 
      } 
     } 
    /*print_r($errors);*/ 
} else { 
    echo 'inputs were empty<br>'; 
} 
require 'users/disconnect-database.php'; 
?>

內容:

<?php 
    function sanitize($connection, $data) { 
     return mysqli_real_escape_string($connection, $data); 
    } 
    function logged_in() { 
     return $_SESSION['logged_in']; 
    } 
    function user_exists($connection, $email, $password) { 
     $query = mysqli_num_rows(mysqli_query($connection, "SELECT * FROM members WHERE email = '$email' AND password = '$password'")); 
     return ($query > 0) ? true : false; 
    } 
    function user_active($connection, $email, $password) { 
     $query = mysqli_query($connection, "SELECT user_id FROM members WHERE email = '$email' AND password = '$password' AND `active` = 1"); 
     return ($query !== false) ? true : false; 
    } 
    function return_user_id($connection, $email, $password) { 
     return mysqli_query($connection, "SELECT user_id FROM members WHERE email = '$email' AND password = '$password'"); 
} 
    function login($connection, $email, $password) { 
     /*$user_id = mysql_result(mysqli_query($connection, "SELECT user_id FROM members WHERE email = '$email' AND password = '$password'"), 0, 'user_id');*/ 
     /*$password = md5($password);*/ 
     $query = mysqli_query($connection, "SELECT user_id FROM members WHERE email = '$email' AND password = '$password'"); 
     /*return (mysqli_query($connection, $query) or die (false));*/ 
     if ($query === false) { 
      return false; 
     } else { 
      return $query; 
     } 
    /*return ($query !== false) ? true : false;*/ 
    } 
    function log_out() { 
     unset($_SESSION['logged_in']); 
     session_unset();   
     session_destroy(); 
    } 
?>

如果答案是使用mysql_resultmysqli_result,請在全面詳細講解因爲即使閱讀了手冊和W3School以及其他地方,我仍然不明白這些功能是如何工作的。

感謝您的任何答案,順便說一下,我have瞭解這個東西的所有其他職位,但我沒有找到任何答案。謝謝。

來源

2014-05-23 BestAnswer

回答

1

首先,我真的建議使用sha來加密密碼,因爲md5很快就被解密了。

您的登錄功能,請嘗試以下操作:

<?php 
function login($connection, $email, $password) { 
    $query = mysqli_query($connection, "SELECT `email`, `password` FROM `members` WHERE `email` = '$email' AND `password` = '$password'"); 
    $count = mysqli_num_rows($query); //counting the number of returns 

    //if the $count = 1 or more return true else return false 
    if($count >= 1) { 
     return true; 
    } else { 
     return false; 
    } 
} 
?>

腳本返回真後,你可以設置會話或你需要用它做什麼。

編輯你需要session_start在每個文件中,所以最好的事情就是包括這個。 我希望這個作品我鍵入它真的快,所以有可能是在它的一些錯誤,但是請讓我知道:

<?php 
function generate($password) { 
    $password = hash('sha1', $password); 
    return $password; 
} 

function login($connection, $email, $password) { 
    $password = generate($password); 

    $query = mysqli_query($connection, "SELECT `email`, `password` FROM `members` WHERE `email` = '$email' AND `password` = '$password'"); 
    $count = mysqli_num_rows($query); //counting the number of returns 

    //if the $count = 1 or more return true else return false 
    if($count >= 1) { 
     return true; 
    } else { 
     return false; 
    } 
} 

function exists($connection, $detail, $table, $row, $value) { 
    $query = mysqli_query($connection, "SELECT `$detail` FROM `$table` WHERE `$row` = '$value'"); 
    $count = mysqli_num_rows($query); 

    if($count >= 1) { 
     return true; 
    } else { 
     return false; 
    } 
} 

function detail($connection, $detail, $table, $row, $value) { 
    $query = mysqli_query($connection, "SELECT `$detail` FROM `$table` WHERE `$row` = '$value'"); 
    $associate = mysqli_fetch_assoc($query); 

    return $associate[$detail]; 
} 

function errors($error) { 
    echo '<ul class="error">'; 
    foreach($error as $fault) { 
     echo '<li>'.$fault.'<li>'; 
    } 
    echo '</ul>'; 
} 

function isLoggedIn() { 
    if(!empty($_SESSION['logged_in']) && exists($connection, 'id', 'members', 'id', $_SESSION['logged_in']) == true) { 
     return true; 
    } else { 
     return false; 
    } 
} 

function logout() { 
    unset($_SESSION['logged_in']); 
} 

if($_POST) { 
    $email = mysqli_real_escape_string($connect, strip_tags($_POST['email'])); 
    $password = mysqli_real_escape_string($connect, strip_tags($_POST['password'])); 

    if(!empty($email) && !empty($password)) { 
     if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { 
      $error[] = 'Your email: '.$email.' is not valid'; 
     } 

     if(exists($connection, 'email', 'members', 'email', $email) == false) { 
      $error[] = 'You are not registered'; 
     } 

     if(detail($connection, 'active', 'members', 'email', $email) != 1) { 
      $error[] = 'Your account is not activated'; 
     } 

     if(empty($error)) { 
      $query = login($connection, $email, $password); 

      if($query == true) { 
       $_SESSION['logged_in'] == detail($connection, 'id', 'members', 'email', $email); 
      } 
     } 
    } else { 
     $error[] = 'There are empty fields'; 
    } 

    if(!empty($error)) { 
     echo errors($error); 
    } 
} 
?> 

<form action="" method="POST"> 
    Email: <input type="text" name="email"><br> 
    Password: <input type="password" name="password"><br> 
    <input type="submit" value="Login"> 
</form>

來源

2014-05-23 16:42:56 SuperDJ

+0

做我需要通過'$ connection'爲'mysqli_num_rows'? – BestAnswer

+0

@codeshackel不,你沒有,但我在幾分鐘內改善我的答案 – SuperDJ

+0

密碼以sha1形式存儲在數據庫中,所以我不應該將'$ encrypted_pa​​ssword'傳遞給查詢? – BestAnswer

相關問題

 相關問題