使用现有数据库用户(PHP)进行登录验证
[英]Login verification with existing database user (PHP)
问题描述
I'm new to PHP and i'm trying to create a Login system without using template code. 
我是PHP的新手,正在尝试创建一个不使用模板代码的Login系统。 The registration form that I connected to the following code completly works and saved users into my database without any problem. 我连接到以下代码的注册表单可以正常运行,并将用户毫无问题地保存到数据库中。
Now, here is my login code. 现在,这是我的登录代码。 I have created several users to test this out using my registration form. 我已经创建了几个用户,可以使用我的注册表格进行测试。 This is what I have in PHP: 这就是我在PHP中所拥有的:
<?php
session_start();
include_once('classes/connection.php');
if(isset($_POST['username']))
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysqli_real_escape_string($link, $_POST['username']);
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '".$username."' AND password = '".$password."'");
if(mysqli_num_rows($checklogin) == 1)
{
$row = mysqli_fetch_array($checklogin);
$username = $row['username'];
$email = $row['email'];
$name = $row['name'];
$surname = $row['surname'];
$_SESSION['Username'] = $username;
$_SESSION['Email'] = $email;
$_SESSION['Name'] = $name;
$_SESSION['Surname'] = $surname;
$_SESSION['LoggedIn'] = 1;
header('location: index.php');
}
else
{
$feedback= "<p>Your account was not found, please try again.</p>";
}
} else
{
$feedback= "<p>Please fill in all the blank areas.</p>";
}
}
?>
here is the HTML connected to this: 这是与此相关的HTML:
<article>
<?php if(isset($feedback)): ?> <!-- BEGIN FEEDBACK -->
<div id="feedback">
<?php echo $feedback ?>
</div>
<?php endif; ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<h2>Login</h2>
<table><tr>
<td>Username:</td>
<td><input size="10%" id="username" class="form-text" name="username"type="text"/></td></tr>
<tr>
<td>Password:</td>
<td><input size="10%" id="password" class="form-text" name="password" type="password"/></td>
</tr>
<tr>
<td></td>
<td><input name="loginknop" type="submit" value="Login" />
<a href="register.php">No account? Click here!</a></td>
</tr></table>
</form>
</article>
To me, this all seems correct and would be able to function. 对我来说,这一切似乎都是正确的,并且能够正常运行。 However, every time i test out this login, with for example: USERNAME: TEST and PASSWORD: TEST123 (which is already inside my database, as a potential user), i get my feedback saying: "Your account was not found, please try again." 但是,每次我测试该登录名时,例如:USERNAME:TEST和PASSWORD:TEST123(作为潜在用户,它已经在我的数据库中),我得到的反馈是:“找不到您的帐户,请尝试再次。”
So my questions being: 1) How can i fix this? 所以我的问题是: 1)我该如何解决? i believe my code is correct but i have no idea why it keeps telling me my account does not exist. 我相信我的代码是正确的,但我不知道为什么它一直告诉我我的帐户不存在。
2) Suggestions on how to improve or shorten this code are appreciated as well, i'm eager to learn 2)我们也很感谢有关如何改进或缩短此代码的建议,我很想学习
2 个解决方案
解决方案1
1 已采纳 2013-08-26 19:01:26
You just have to add some debug code lines to your php-file, so You can find where the problem is. 您只需要在php文件中添加一些调试代码行,就可以找到问题所在。
For example: 例如:
if(!empty($_POST['username']) && !empty($_POST['password']))
{
echo "You entered: username={$_POST['username']}, password={$_POST['password']}<br>";
$username = mysqli_real_escape_string($link, $_POST['username']);
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
echo "Your username after escaping: {$username}<br>";
echo "Your password after scaping and MD5: {$password}<br>";
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '".
$username."' AND password = '".$password."'");
echo "Count of users with the same username and password = " . mysqli_num_rows($checklogin);
$checkusername = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '". $username."'");
echo "Count of users with the same username = " . mysqli_num_rows($checkusername);
$checkpass = mysqli_query($link, "SELECT * FROM tblusers WHERE password = '". $password."'");
echo "Count of users with the same password md5 = " . mysqli_num_rows($checkpass);
if(mysqli_num_rows($checklogin) == 1)
{
$row = mysqli_fetch_array($checklogin);
$username = $row['username'];
$email = $row['email'];
$name = $row['name'];
$surname = $row['surname'];
$_SESSION['Username'] = $username;
$_SESSION['Email'] = $email;
$_SESSION['Name'] = $name;
$_SESSION['Surname'] = $surname;
$_SESSION['LoggedIn'] = 1;
//header('location: index.php'); <-- comment it to see debug info
}
After that you can see what is the problem. 之后,您可以看到问题所在。 As I see now it could be: 我现在看到的可能是:
- You sending username or password in a wrong POST-variables 您在错误的POST变量中发送用户名或密码
- You storing your username or password in some different format 您以其他不同的格式存储用户名或密码
PS And If it doesn't help you, please, post here output of all this echos, that you have gained after login try! 附言:如果这对您没有帮助,请在此处发布您尝试登录后获得的所有回声的输出!
解决方案2
0 2013-08-26 19:02:37
This line: 这行:
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
takes the data you enter into the screen TEST123 and creates an MD5 hash of it. 将您输入的数据输入屏幕TEST123并TEST123创建一个MD5哈希。 So it is going to look like this: 因此它将看起来像这样:
22b75d6007e06f4a959d1b1d69b4c4bd
So if as you say your database has a 因此,如果您说您的数据库有一个
username = 'TEST'
password = "TEST123'
When you do your query 当您查询时
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '$username' AND password = '$password' ");
$password will = 22b75d6007e06f4a959d1b1d69b4c4bd but tabuser.password will = 'TEST123' therefore the row will not be selected! $password will = 22b75d6007e06f4a959d1b1d69b4c4bd但tabuser.password将='TEST123'因此将不选择该行!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.