1. 首页
  2. 问答
  3. 用户存在时登录错误

用户存在时登录错误

2017-05-18 76 views
-2

我对我的登录脚本有疑问。用户存在时登录错误

我已经使用PHP,看起来像这样登录脚本:

<?php 

include 'headermet.php'; 
include 'database.php'; 

session_start(); 

if(isset($_SESSION['user_id'])){ 
    header("Location: /"); 
} 

if(!empty($_POST['username']) && !empty($_POST['password'])): 

    $records = $conn->prepare('SELECT id,username,password FROM users WHERE username = :username'); 
    $records->bindParam(':username', $_POST['username']); 
    $records->execute(); 
    $results = $records->fetch(PDO::FETCH_ASSOC); 

    $message = ''; 

    if(count($results) > 0 && password_verify($_POST['password'], $results['password'])){ 

     $_SESSION['user_id'] = $results['id']; 

     header("Location: /"); 

    } else { 
     $message = 'ERROR while trying to login'; 
    } 

endif; 

?> 

<body> 

    <h1 style = "margin-top:100px;">LOGIN</h1> 
     <?php if(!empty($message)): ?> 
     <p><?= $message ?></p> 
    <?php endif; ?> 

    <form action="login.php"= method="POST"> 

     <input type="text" placeholder="Gebruikersnaam" name="username"> 
     <input type="password" placeholder="Wachtwoord" name="password"> 
     <input type="submit"> 

    </form> 
</body> 

<?php include 'footer.php';?>

在我添加了一个错误消息,如果凭据不正确的代码。该消息是$message = 'ERROR while trying to login'; 使用sequelpro我加入的用户名测试用户:测试密码:测试 enter image description here

当我填写与形式:测试:测试我得到这个: enter image description here

来源

2017-05-18 kevin seda

+2

好然后做一些调试,找出它出错...是否'$结果[ '密码']'包含的值? 'count($ results)'实际上更大的零? (顺便说一句,你正试图在你做这个检查的时候获取一个结果行 - 没什么意义。)'password_verify'的返回值是多少? ...你知道,找出为什么我的剧本做它做的绝对的基础... – CBroe

+0

你的php代码是好的。检查你的数据库表或数据库连接 –

回答

1

password_verify对我来说是新的。另一种做法是,如果数据库中存在匹配项,则可以假定在返回行时登录成功。因此:

首先通过密码进入SELECT检查

$records = $conn->prepare('SELECT id,username,password FROM users WHERE username = :username AND password = :password');

记住绑定密码以及

$records->bindParam(':password ', $_POST['password']); //Rather encrypt password

这是很好的做法,加密后的注册,然后将密码再次输入登录密码,输入的密码与数据库中的密码匹配。

然后检查是否有行返回

$count = $records->rowCount(); // This will return the number of rows 

    if($count > 0) //This will cause issue if more than one row is returned but illustrates the point. 
    { 
     $_SESSION['user_id'] = $results['id']; 
     header("Location: /"); 
    }

来源

2017-05-18 09:05:39

1

首先登录脚本是不安全的u需要学习如何使用MD5或他人encrpt密码..我prefe u使用此,并按照d步骤

<?php 
 
if (isset($_POST['save'])){ 
 
session_start(); 
 
if(isset($_SESSION['SESS_MEMBER_ID']) && $_SESSION['SESS_MEMBER_ID']!=''){header("Location:home.php");} 
 
$dbh=new PDO('mysql:dbname=dbname;hostdbhost', 'dbusername', 'dbpassword');/*Change The Credentials to connect to database.*/ 
 
$username=$_POST['username']; 
 
$password =(md5($_POST['pass'])); /*Encrpt your password with md5.*/ 
 
if(isset($_POST) && $username!='' && $password!=''){ 
 
$sql=$dbh->prepare("SELECT id,password,username FROM tablename WHERE username=?"); 
 
$sql->execute(array($username)); 
 
while($r=$sql->fetch()){ 
 
    $p=$r['password']; 
 
    $u=$r['username']; 
 
} 
 

 
if($p==$password){ 
 
      $_SESSION['SESS_MEMBER_ID']=$id; 
 
      $_SESSION['SESS_USERNAME'] = $u; 
 

 
    header("Location:home"); 
 
}else{ 
 
    header("Location: login.php?error=1"); 
 
} } 
 
} 
 

 
?> 
 

 

 
<form method="post" enctype="multipart/form-data"> 
 
\t \t \t \t \t \t <div> 
 
\t \t \t \t \t \t \t <span>Username<label>*</label></span> 
 
\t \t \t \t \t \t 
 
\t \t \t \t <input type="text" name="username" required> 
 
\t \t \t \t \t \t </div> 
 
\t \t \t \t \t \t <div> 
 
\t \t \t \t \t \t \t <span>Password<label>*</label></span> 
 
\t \t \t \t \t \t \t <input type="password" name="pass" required> 
 
\t \t \t \t \t \t </div> 
 
\t \t \t \t \t \t 
 
\t \t \t \t \t \t <input type="submit" name="save" value="Login"> 
 
\t \t \t \t \t </form>

来源

2017-05-18 09:20:43

相关问题

 相关问题