目前我正在處理我的第一個登錄腳本。在我的腳本中,我試圖確認用戶名是否存在,用戶是否處於活動狀態,用戶標識是什麼以及用戶名和密碼是否匹配。 (見下面的代碼)查詢不適用於登錄腳本
function sanitize($con, $data) {
return mysqli_real_escape_string($con, $data);
}
function user_exists($username, $con) {
$username = sanitize($con, $username);
$query = mysqli_query($con, "SELECT COUNT(*) FROM users WHERE username='$username'") or die (mysqli_error());
$result = mysqli_fetch_row($query);
return ($result[0] == 1) ? true : false;
}
function user_active($username, $con) {
$username = sanitize($con, $username);
$query = mysqli_query($con, "SELECT COUNT(*) FROM users WHERE username='$username' AND active=1") or die (mysqli_error());
$result = mysqli_fetch_row($query);
return ($result[0] == 1) ? true : false;
}
function user_id_from_username ($username, $con) {
$username = sanitize($con, $username);
$query = mysqli_query($con, "SELECT user_id FROM users WHERE username='$username'") or die (mysqli_error());
$result = mysqli_fetch_row($query);
return $result[0];
}
function login($username, $password, $con) {
$user_id = user_id_from_username($con, $username);
$username = sanitize($con, $username);
$password = md5($password);
$query = mysqli_query($con, "SELECT COUNT(*) FROM users WHERE username='$username' AND password='$password'") or die (mysqli_error());
$result = mysqli_fetch_row($query);
return ($result[0] == 1) ? true : false;
}
我試圖通過編寫下面的代碼來確認是否輸出正確的數據。
if (user_exists('susievanveen', $con) === true) {
echo 'user exists';
}
else {
echo 'user doesn\'t exist';
}
if (user_active('susievanveen', $con) === true) {
echo ' and user is active.';
}
else {
echo ' and user is not active yet.<br><br>';
}
echo 'User ID = ', user_id_from_username($username='susievanveen', $con);
echo '<br>Active = ', user_active($username='susievanveen', $con);
echo '<br>Match found between username and password = ', login($username='susievanveen', $password='password', $con);
我得到了關於用戶存在的正確結果,無論用戶是否活動,它是用戶ID。但它不會返回有關用戶名和密碼是否匹配的任何數據。那麼有人可以告訴我這段代碼有什麼問題嗎?
只是一對夫婦的想法:在返回的條件:'$結果[0] == 1',你當然應該將它改爲'$ result [0] === 1'(注意額外的=)。另外,MD5不適用於密碼存儲。 另外,你在echo語句中的函數調用應該是:'user_id_from_username('susievanveen',$ con)',省略'$ username ='部分。 –
密碼是否包含需要清理的任何字符?這可能與md5用戶密碼混淆。 –