目前我正在处理我的第一个登录脚本。在我的脚本中,我试图确认用户名是否存在,用户是否处于活动状态,用户标识是什么以及用户名和密码是否匹配。 (见下面的代码)查询不适用于登录脚本
function sanitize($con, $data) {
return mysqli_real_escape_string($con, $data);
}
function user_exists($username, $con) {
$username = sanitize($con, $username);
$query = mysqli_query($con, "SELECT COUNT(*) FROM users WHERE username='$username'") or die (mysqli_error());
$result = mysqli_fetch_row($query);
return ($result[0] == 1) ? true : false;
}
function user_active($username, $con) {
$username = sanitize($con, $username);
$query = mysqli_query($con, "SELECT COUNT(*) FROM users WHERE username='$username' AND active=1") or die (mysqli_error());
$result = mysqli_fetch_row($query);
return ($result[0] == 1) ? true : false;
}
function user_id_from_username ($username, $con) {
$username = sanitize($con, $username);
$query = mysqli_query($con, "SELECT user_id FROM users WHERE username='$username'") or die (mysqli_error());
$result = mysqli_fetch_row($query);
return $result[0];
}
function login($username, $password, $con) {
$user_id = user_id_from_username($con, $username);
$username = sanitize($con, $username);
$password = md5($password);
$query = mysqli_query($con, "SELECT COUNT(*) FROM users WHERE username='$username' AND password='$password'") or die (mysqli_error());
$result = mysqli_fetch_row($query);
return ($result[0] == 1) ? true : false;
}
我试图通过编写下面的代码来确认是否输出正确的数据。
if (user_exists('susievanveen', $con) === true) {
echo 'user exists';
}
else {
echo 'user doesn\'t exist';
}
if (user_active('susievanveen', $con) === true) {
echo ' and user is active.';
}
else {
echo ' and user is not active yet.<br><br>';
}
echo 'User ID = ', user_id_from_username($username='susievanveen', $con);
echo '<br>Active = ', user_active($username='susievanveen', $con);
echo '<br>Match found between username and password = ', login($username='susievanveen', $password='password', $con);
我得到了关于用户存在的正确结果,无论用户是否活动,它是用户ID。但它不会返回有关用户名和密码是否匹配的任何数据。那么有人可以告诉我这段代码有什么问题吗?
只是一对夫妇的想法:在返回的条件:'$结果[0] == 1',你当然应该将它改为'$ result [0] === 1'(注意额外的=)。另外,MD5不适用于密码存储。 另外,你在echo语句中的函数调用应该是:'user_id_from_username('susievanveen',$ con)',省略'$ username ='部分。 –
密码是否包含需要清理的任何字符?这可能与md5用户密码混淆。 –