我有2個問題。 基本故事:我創建了一個簡單的註冊和登錄系統。
問題1:如果我嘗試註冊一個新的帳戶,然後它說:「用戶註冊失敗」。目前應該說,因爲mysql無法從表單獲取正確的信息。但問題是我不知道爲什麼。一切都似乎是正確的...
Problem2:如果我嘗試與現有的帳戶登錄,然後好像是瀏覽器只刷新頁面,並沒有別的...
註冊與PHP代碼:未能通過「PHP表單」連接/提交到MySQL
<?php
require ('insert.php');
// If values posted, insert into the database.
if (isset($_POST['username']) && isset($_POST['password'])){
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
// nimi refers to name, it's correct
$query = "INSERT INTO `user` (nimi, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
//POST retrieves the data.
$result = mysqli_query($connection, $query);
if($result){
$smsg = "User Created Successfully.";
} else {
$fmsg = "User Registration Failed";
}
}
mysqli_close($connection);
?>
<html>
...
<body>
...
<div>
<form method="POST" class="form-horizontal" role="form">
<!-- Status, how registering went -->
<?php if(isset($smsg)){ ?><div class="alert alert-success" role="alert"> <?php echo $smsg; ?> </div><?php } ?>
<?php if(isset($fmsg)){ ?><div class="alert alert-danger" role="alert"> <?php echo $fmsg; ?> </div><?php } ?>
<!-- Registration form starts -->
<h2>Form</h2><br>
<label for="Name"></label>
<input name="name" type="text" id="name" maxlength="40" placeholder="Ees- ja perenimi" class="form-control" autofocus> <!-- lopp -->
<label for="email"></label>
<input name="email" type="email" id="email" maxlength="65" placeholder="Email" class="form-control"> <!-- lopp -->
<label for="Username"></label>
<input name="username" type="text" id="userName" maxlength="12" placeholder="Kasutajatunnus/kasutajanimi" class="form-control" required> <!-- lopp -->
<label for="Password"></label>
<input name="password" type="password" id="password" maxlength="12" placeholder="Parool" class="form-control" required>
<button type="submit" class="btn btn-primary btn-block">Join</button>
</form> <!-- /form -->
</div> <!-- ./container -->
...
</body>
</html>
登錄:
<?php
session_start();
require ('insert.php');
//Is username and password typed?
if (isset($_POST['username']) and isset($_POST['password'])){
//Making vars from inputs
$username = $_POST['username'];
$password = $_POST['password'];
//Checking existent of values.
$query = "SELECT * FROM `liikmed`
WHERE username='$username'
and password='$password'";
$result = mysqli_query($connection, $query)
or die(mysqli_error($connection));
$count = mysqli_num_rows($result);
//3.1.2 If values equal, create session.
if ($count == 1){
$_SESSION['username'] = $username;
} else {
//If credentials doesn't match.
$fmsg = "Invalid Login Credentials.";
}
}
//if user logged in, welcome with message
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Hai " . $username . "";
echo "This is the Members Area";
echo "<a href='logout.php'>Logout</a>";
}else{}
?>
<html>
...
<body>
...
<div id="bg"></div>
<form method="POST" class="form-horizontal">
<h2>Login</h2><br>
<label for="User"></label>
<input name="username" type="text" maxlength="15" placeholder="Username" class="form-control" required autofocus>
<label for="Password"></label>
<input name="password" type="password" maxlength="50" placeholder="Password" class="form-control" required autofocus>
<button type="submit" class="btn btn-primary btn-block">Enter</button>
</form>
</div>
...
</body>
</html>
最後的PHP數據庫連接文件(稱爲insert.php):
<?php
$connection=mysqli_connect("localhost","root","pw");
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, 'my_database');
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
?>
相反呼應,比如'$ fmsg =「用戶註冊失敗」一faily無益的消息;'而是捕捉和顯示真正的數據庫錯誤使用(同時測試) '$ result-> error'然後你就會知道出了什麼問題,更重要的是**出了什麼問題** – RiggsFolly
請不要存儲普通的測試密碼**其巨大的安全災難** PHP提供[''password_hash()']( http://php.net/manual/en/function.password-hash.php) 和['password_verify()'](http://php.net/manual/en/function.password-verify.php)請使用米 這裏有一些[有關密碼的好點子(https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) 如果您使用的是PHP版本5.5之前的[有可以在這裏找到一個兼容包(HTTPS ://github.com/ircmaxell/password_compat) – RiggsFolly
您的腳本存在[SQL注入攻擊]的風險(http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in- php) 看看發生了什麼事[Little Bobby Tables](http://bobby-tables.com/)即使 [如果你是逃避投入,它不安全!](http://stackoverflow.com/問題/ 5741187/sql -injection-that-around-mysql-real-escape-string) 使用[prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements。 php) – RiggsFolly