[英]username and password passed as integers rather than strings
I'm creating a login script and its failing each time even when I input the correct credentials. 我正在创建一个登录脚本,每次即使输入正确的凭据也会失败。 I firstly thought this was to do with the crypt function which has been explained in depth and have done further research upon to find a good method. 首先,我认为这与crypt函数有关,该函数已被深入解释,并进行了进一步的研究以找到一种好的方法。
Anyway I have remove the crypt function in both the login and register to test the login script. 无论如何,我已经删除了登录名和注册中的crypt函数以测试登录脚本。 Upon removing this I still got an error which stated Invalid username or password
. 删除后,仍然出现错误,指出Invalid username or password
。
I wanted to see what was actually been passed in my POST
variables, so I echoed these variables as they are defined eg 我想看看实际在POST
变量中传递了什么,所以我在定义它们时回显了这些变量,例如
$username = isset($_POST['username']);
echo $username;
outputs: 1
输出: 1
however 然而
echo $_POST['username'];
outputs admin
(which is the username I have been using) 输出admin
(这是我一直在使用的用户名)
If I remove the isset from this POST variable then I am returned with the true value but this still fails my login script. 如果我从此POST变量中删除了isset,则返回true值,但这仍然会使我的登录脚本失败。
I don't understand whats going wrong as I've used this same statement in a different function to test it and it works, instead of using POST variables I am already setting the username and password and then wrapping in a foreach statement and this works. 我不明白发生了什么问题,因为我在不同的函数中使用了相同的语句来测试它并且可以正常工作,而不是使用POST变量,我已经设置了用户名和密码,然后将其包装在一个foreach语句中,并且可以正常工作。
It must be something to do with my POST variables and the way I am handling it but I don't have the experience/knowledge to solve the problem. 这一定与我的POST变量以及我处理它的方式有关,但是我没有解决问题的经验/知识。 I can't understand why my POST data is returned as a integer but then even when I remove the isset tag my statement is still false? 我不明白为什么我的POST数据会以整数形式返回,但是即使删除了isset标记,我的语句仍然为false?
Any input and help is greatly welcomed and appreciated. 任何意见和帮助都将受到极大的欢迎和赞赏。
Below is my code, if there's anything else required please ask: 以下是我的代码,如果还有其他要求,请询问:
index.php index.php
<form id="loginForm" method="POST" action="classes/class.Login.php">
<input type="text" id="username" name="username" placeholder="Username"/>
<input type="password" id="password" name="password" placeholder="Password" class="showpassword"/>
<input type="submit" name="submit" value="Log in"/>
classes/class.Login.php classes / class.Login.php
public function loginuser() {
$username = isset($_POST['username']);
$password = isset($_POST['password']);
//$salt = "boo";
//$pw = crypt($password, $salt);
$stmt = $this->pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1");
$stmt->bindValue(":username", $_POST['username'], PDO::PARAM_STR);
$stmt->bindValue(":password", $_POST['password'], PDO::PARAM_STR);
if ($stmt->fetch(PDO::FETCH_ASSOC))
{
$_SESSION['authorized'] = true;
$_SESSION['username'] = $username;
header('Location: testloginrequired.php');
} else {
echo "Invaild username or password. Try again";
}
}// end loginuser
Change: 更改:
$username = isset($_POST['username']);
to : 至 :
$username = ($_POST['username']);
isset
function returns a boolean value (true,false) , so your $username
would be boolean (true or 1
) not a string! isset
函数返回一个布尔值(true,false),因此您的$username
将是布尔值(true或1
)而不是字符串!
$username = isset($_POST['username']);
Is just checking if the variable is set. 只是检查变量是否已设置。 Get rid of the isset and change it simply to 摆脱isset并将其更改为
$username = $_POST['username'];
If that doesn't work, then do this 如果那行不通,那就这样做
$username = settype($username, "string");
Use construction: 使用构造:
if (isset($_POST['username'])) $username = $_POST['username'];
If you will remove "isset" check, you will get warning, if key 'username' will not exists in POST. 如果要删除“ isset”检查,则如果POST中不存在键“用户名”,则会收到警告。
Improvement of your code: 改进您的代码:
$username = (isset($_POST['username'])) ? $_POST['username'] : '';
This is ternary operator and it's suitable in your case. 这是三元运算符 ,适合您的情况。 If key 'username' exists in POST, then $username will equals $_POST['username'], otherwise $username will empty. 如果POST中存在键“ username”,则$ username等于$ _POST ['username'],否则$ username将为空。 Enjoy :) 请享用 :)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.