1. 首页
  2. 问答
  3. 使用PHP和MYSQL创建登录脚本

使用PHP和MYSQL创建登录脚本

2014-11-09 32 views
2

我试图在托管的网页上创建一个简单的登录系统。我有一个使用phpMyAdmin创建的MySQL数据库和表。数据库,HTML和PHP文件托管在同一台服务器上。我可以添加用户,帐户信息出现在表格中。问题在于登录。我总是收到“登录失败错误”。我用过的教程是located here。我已经检查并重新检查了错误密码,我不认为这是问题。我相信这个问题与fetchColumn()命令有关。从我研究的内容来看,这个命令抓取下一行,这对我来说没有意义,因为用户名,密码和用户ID都位于同一行,只是不同的列。使用PHP和MYSQL创建登录脚本

这是用户提交信息,然后调用登录脚本的形式。下面的代码有两种形式;第一种形式是什么在这个问题上很重要。

<?php 

/*** begin our session ***/ 
session_start(); 

/*** set a form token ***/ 
$form_token = md5(uniqid('auth', true)); 

/*** set the session form token ***/ 
$_SESSION['form_token'] = $form_token; 
?> 

<html> 
<head> 
<title>Log In Page</title> 
<link rel="stylesheet" type="text/css" href="formstyle.css"> 
</head> 

<header> 
Log In Page 
</header> 

<body> 
<h2>Log In</h2> 
<form action="login_submit.php" method="post"> 
<fieldset id="forms" > 
<p> 
<label for="username">Username</label> 
<input type="text" id="username" name="username" value="" maxlength="20"/> 
</p> 
<p> 
<label for="password">Password</label> 
<input type="text" id="password" name="password" value="" maxlength="20"/> 
</p> 
<p> 
<input type="submit" value="Login"/> 
</p> 
</fieldset> 
</form> 

<h2>Create Account</h2> 
<form action="adduser_submit.php" method="post"> 
<fieldset id="forms" > 
<p> 
<label for="username">Username</label> 
<input type="text" id="username" name="username" value="" maxlength="20"/> 
</p> 
<p> 
<label for="password">Password</label> 
<input type="text" id="password" name="password" value="" maxlength="20"/> 
</p> 
<p> 
<input type="hidden" name="form_token" value="<?php echo $form_token; ?>" /> 
<input type="submit" value="Sign Up"/> 
</p> 
</fieldset> 
</form> 
</body> 
</html>

这是login_submit脚本。

 <?php 

    /*** begin our session ***/ 
    session_start(); 

    /*** check if the user is already logged in ***/ 
    if(isset($_SESSION['userID'])) 
    { 
     $message = 'User is already logged in'; 
    } 
    /*** check that both the username and password have been submitted ***/ 
    if(!isset($_POST['username'], $_POST['password'])) 
    { 
     $message = 'Please enter a valid username and password'; 
    } 
    /*** check the username is the correct length ***/ 
    elseif (strlen($_POST['username']) > 20 || strlen($_POST['username']) < 4) 
    { 
     $message = 'Incorrect Length for Username'; 
    } `enter code here` 
    /*** check the password is the correct length ***/ 
    elseif (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 4) 
    { 
     $message = 'Incorrect Length for Password'; 
    } 
    /*** check the username has only alpha numeric characters ***/ 
    elseif (ctype_alnum($_POST['username']) != true) 
    { 
     /*** if there is no match ***/ 
     $message = "Username must be alpha numeric"; 
    } 
    else 
    { 
     /*** if we are here the data is valid and we can insert it into database ***/ 
     $username = filter_var($_POST['username'], FILTER_SANITIZE_STRING); 
     $password = filter_var($_POST['password'], FILTER_SANITIZE_STRING); 

     /*** now we can encrypt the password ***/ 
     $password = sha1($password); 

     /*** connect to database ***/ 
     /*** mysql hostname ***/ 
     $mysql_hostname = 'localhost'; 

     /*** mysql username ***/ 
     $mysql_username = 'neticl5'; 

     /*** mysql password ***/ 
     $mysql_password = 'corrupted707'; 

     /*** database name ***/ 
     $mysql_dbname = 'neticl5_apptest'; 

     try 
     { 
      $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password); 
      /*** $message = a message saying we have connected ***/ 

      /*** set the error mode to excptions ***/ 
      $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 

      /*** prepare the select statement ***/ 
      $stmt = $dbh->prepare('SELECT userID, username, password FROM useraccounts 
         WHERE username = :username AND password = :password'); 

      /*** bind the parameters ***/ 
      $stmt->bindParam(':username', $username, PDO::PARAM_STR); 
      $stmt->bindParam(':password', $password, PDO::PARAM_STR, 40); 

      /*** execute the prepared statement ***/ 
      $stmt->execute(); 

      /*** check for a result ***/ 
      $userID = $stmt->fetchColumn(); 

     /*** if we have no result then fail boat ***/ 
      if($userID == false) 
      { 
        $message = 'Login Failed'; 
      } 
     /*** if we do have a result, all is well ***/ 
      else 
      { 
        /*** set the session user_id variable ***/ 
        $_SESSION['userID'] = $userID; 

        /*** tell the user we are logged in ***/ 
        $message = 'You are now logged in'; 
      } 
     } 
     catch(Exception $e) 
     { 
      /*** if we are here, something has gone wrong with the database ***/ 
      $message = 'We are unable to process your request. Please try again later'; 
     } 
    } 
    ?> 

<html> 
<head> 
<title>Log In</title> 
</head> 
<body> 
<p><?php echo $message; ?></p> 
</body> 
</html>

来源

2014-11-09 Cherokee Lakes

+0

我想阅读该教程吗?呵呵 – 2014-11-09 03:34:34

+0

PHP开启标签('<?php')之前的空白是有问题的。在调用'session_open()'](http://php.net/session_start#refsect1-function.session-start-notes)之前,你不能发送任何*输出。 – 2014-11-09 05:00:57

回答

0

我已经回答了我自己的问题。数据库中的密码字段未设置为正确的长度。用户的字段要求它最大为20.数据库中的字段需要设置为正确的加密限制。

来源

2014-11-09 04:28:28

相关问题

 相关问题