1. 首頁
  2. 問答
  3. 登錄表單驗證始終表示錯誤用戶詳細信息

登錄表單驗證始終表示錯誤用戶詳細信息

2016-02-04 48 views
0

此登錄表單驗證的php代碼。爲什麼它總是返回'錯誤的用戶數據'(Грешниданни!)。 $ name & $ pass1來自其他文件中的登錄表單。激活的 $值爲0 || 1,並且看用戶是否通過電子郵件確認了註冊。登錄表單驗證始終表示錯誤用戶詳細信息

<?php 

    //connection with database 
    require "db_connect.php"; 
    require "password_compat-master/lib/password.php"; 

    $name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name')))); 
    $pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1')))); 

    $errorName = ''; 
    $errorPass1 = ''; 
    $feedback = ''; 

    $mainError = false; 

    //get hash 
    $retHash = "SELECT password FROM users WHERE user_name='$name'"; 
    $query_retHash = mysqli_query($conn, $retHash); 

    $row = mysqli_fetch_array($query_retHash); 
    $hash = $row['password']; 

    //get name 
    $retName = "SELECT user_name FROM users WHERE user_name='$name'"; 
    $query_retName = mysqli_query($conn, $retName); 

    $row = mysqli_fetch_array($query_retName); 
    $uname = $row['user_name']; 

    //get 'activated' 
    $retAct = "SELECT user_name FROM users WHERE user_name='$name'"; 
    $query_retAct = mysqli_query($conn, $retAct); 

    $row = mysqli_fetch_array($query_retAct); 
    $activated = $row['activated']; 



    if (filter_input_array(INPUT_POST)) { 

     if ($name !== $uname) { 
      $mainError = true; 
     } 

     if (!password_verify($pass1, $hash)) { 
      $mainError = true; 
     } 

     if ($activated != 1) { 
      $mainError = true; 
     } 

     if (!$mainError) { 
      $feedback = 'Здравей,' . $name . '!'; 
     } else { 
      $feedback = 'Грешни данни!'; 
     } 
    } 

?>

來源

2016-02-04 Tolga Kantarov

+1

爲什麼這麼多查詢。?您可以寫入一個查詢並獲取所有詳細信息。 –

回答

1

看看這裏這個聲明,

//get 'activated' 
$retAct = "SELECT user_name FROM users WHERE user_name='$name'"; 
        ^it should be activated

而且還有運行三個獨立的查詢是沒有意義的。你可以只用一個查詢,這樣實現同樣的事情:

// your code 

$query = "SELECT user_name, password, activated FROM users WHERE user_name='$name' LIMIT 1"; 
$result = mysqli_query($conn, $query); 
$row = mysqli_fetch_array($result); 
$uname = $row['user_name']; 
$hash = $row['password']; 
$activated = $row['activated']; 

if (filter_input_array(INPUT_POST)) { 

    // your code 

}

來源

2016-02-04 17:15:57

+0

非常感謝!如此愚蠢的錯誤:D –

+0

@TolgaKantarov不客氣! :-) –

+1

@RajdeepPaul:Dada * Daarun *':D' –

2

由於@Rajdeep回答,

$retAct = "SELECT user_name FROM users WHERE user_name='$name'"; 
        ^it should be activated

更好地利用一個查詢。獲取所有細節。

<?php 

//connection with database 
require "db_connect.php"; 
require "password_compat-master/lib/password.php"; 

$name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name')))); 
$pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1')))); 

$errorName = ''; 
$errorPass1 = ''; 
$feedback = ''; 

$mainError = false; 

//get hash 
$retHash = "SELECT * FROM users WHERE user_name='$name'"; 
$query_retHash = mysqli_query($conn, $retHash); 

$row = mysqli_fetch_array($query_retHash); 
$hash = $row['password']; 
$uname = $row['user_name']; 
$activated = $row['activated']; 

if (filter_input_array(INPUT_POST)) { 

    if ($name !== $uname) { 
     $mainError = true; 
    } 

    if (!password_verify($pass1, $hash)) { 
     $mainError = true; 
    } 

    if ($activated != 1) { 
     $mainError = true; 
    } 

    if (!$mainError) { 
     $feedback = 'Здравей,' . $name . '!'; 
    } else { 
     $feedback = 'Грешни данни!'; 
    } 
} 

?>

來源

2016-02-04 17:17:46

+1

Ek number。 ;-) @NanaPartykar –

相關問題

 相關問題