-1
好吧,我认为这段代码今天工作(特别是setSession函数)但是,我已经认识到它只选择用户名而不是密码并允许用户登录。您可以把你想要的任何东西到表单(无法检索密码和用户名
<?php
class user
{
protected $db;
protected $uid;
protected $email;
protected $username;
protected $citcode;
protected $password;
public $error;
function __construct($db)
{
$this->db = $db;
}
function error($error)
{
$this->error = $error;
}
function passwordCrypt($password)
{
$password = crypt($password, '$2a$07$ThisIsSparta$');
return $password;
}
function registerUser($username, $password, $email, $citcode, $db)
{
$verifyCC = $this->checkCitCode($citcode);
$verifyUser = $this->checkUsername($username, $email);
if($verifyUser == true)
{
if($verifyCC == true)
{
$password = $this->passwordCrypt($password);
$username = $this->db->real_escape_string($username);
$email = $this->db->real_escape_string($email);
$date = date('Y-m-d');
$sql = "INSERT INTO users(username, password, email, joindate) VALUES ('{$username}', '{$password}', '{$email}', NOW());";
$sql .= "INSERT INTO bank_accounts(type, balance) VALUES ('personal', '10000');";
$query = $this->db->multi_query($sql);
if(!$query)
{
$this->error('Could not register user, please try again later.');
}
else
{
return true;
}
}
else
{
return $this->error('Could not Verify Citizen Code');
}
}
else
{
return $this->error('Username/Password is already taken');
}
}
function checkCitCode($citcode)
{
$sql = "SELECT amount, active FROM citizen_codes WHERE citizen_code = '{$citcode}';";
$query = $this->db->query($sql);
if(!$query)
{
die(mysqli_error($this->db));
}
else
{
while($row = $query->fetch_assoc())
{
if($row['active'] >= $row['amount'])
{
return false;
}
else
{
$active = $row['active'] +1;
$sql = "UPDATE citizen_codes SET active = '{$active}' WHERE citizen_code = '{$citcode}';";
$query = $this->db->query($sql);
if(!$query)
{
return false;
}
else
{
return true;
}
}
}
}
}
function checkUsername($username, $email)
{
$sql = "SELECT count(*) FROM users WHERE username = '{$username}' OR email = '{$email}'";
$que = $this->db->query($sql);
if(!$que)
{
return false;
}
else
{
$row = $que->fetch_array();
if($row[0] > 0)
{
return false;
}
else
{
return true;
}
}
}
function setSession($username, $password)
{
$password = $this->passwordCrypt($password);
$username = $this->db->real_escape_string($username);
$sql = "SELECT uid FROM users WHERE username = '{$username}' AND password = '{$password}';";
$query = $this->db->query($sql);
if(!$query)
{
return false;
}
else
{
while($row = $query->fetch_array())
{
$_SESSION['uid'] = $row[0];
}
}
}
}
以供参考,他的登录脚本。
<?php
if(!isset($_SESSION['uid']))
{
if(!isset($_GET['mode']))
{
$user = new user($db);
?>
<style type='text/css'>
table { background-color: #666; padding: 1%; width: 20%; margin: 0 auto; }
table th { background-color:#ccc; }
table td { padding: 3%; background-color: #f1f1f1; font-weight: bold;}
</style>
<form method='post' action='login.php?mode=set'>
<table cellpadding="0" cellspacing="0">
<tr>
<th colspan='3'><h3>Citizen Login</h3></th>
</tr>
<tr>
<td>Username</td><td>:</td><td><input type='text' name='username' id='username'></td></tr>
<tr>
<td>Password</td><td>:</td><td><input type='password' name='password' id='password'></td>
</tr>
<tr><th colspan='3'><input type='submit' /></th></tr>
<tr><th colspan='3'><span style='font-size: 12px;'>Don't have an account? <a href='register.php'>Register Today!</a><br /> Forgotten Password/Username?</th>
</tr>
</table>
</form>
<?php
}
else
{
include($_SERVER['DOCUMENT_ROOT'].'/includes/constants.php');
$user = new user($db);
$user->setSession($_POST['username'], $_POST['password']);
echo $user->error;
}
}
else
{
header("location:index.php");
}
?>
你对我们的问题是什么?另外,您是否可以尝试将代码修剪到解释问题所需的最低限度? –
“这是我所有的代码,请修复它”问题并不是真正意义上的那类问题。这个问题的答案不太可能帮助未来的访问者。 – cdhowie
我问我的问题,显然不清楚。为什么没有选择密码?这就是我想知道的。因为密码加密工作,密码正在传递给SQL(据我所知,至少,我没有得到任何错误),SQL可以选择用户名,但它不会选择密码。 – Gmz1023