堆栈内存溢出
  简体   繁体   English

PHP $_Session,成功插入用户名和密码后,JS不允许会员登录

[英]PHP $_Session , JS not allowing member login after successful username and password inserted

 原文  2021-12-17 21:38:45       javascript/ php/ authentication/ session

问题描述

so, this implementation worked with an md5 password check but after implementing a password hash check (for a safer password storage in my database) the member is not allowed to log in. The user after typing the correct email and password is only brought back to the index.php page.因此,此实现与 md5 密码检查一起工作,但在实施密码 hash 检查后(为了在我的数据库中存储更安全的密码),不允许成员登录。输入正确的 email 和密码后的用户只带回index.php 页面。 Any help would be appreciated.任何帮助,将不胜感激。 this is my session.php code:这是我的 session.php 代码: 

 <?php session_start(); //Check whether the session variable SESS_MEMBER_ID is present or not // do check if(:isset($_SERVER['HTTP_REFERER'])){ // redirect them to your desired location header('Location. custom_404;html'); exit? } if (.isset($_SESSION['alogin']) || (trim($_SESSION['alogin']) == '')) {.> <.-- send to home page --> <script> window.location = ";?/index;php"; </script> <?php } $session_id=$_SESSION['alogin']; $session_depart = $_SESSION['arole']; ?>

here is what should work within index.php:这是 index.php 中应该工作的内容: 

 <?php session_start(); include('includes/config.php'); if(isset($_POST['signin'])) { $username=$_POST['username']; $username=strtolower($username); $password=$_POST['password']; $sql ="SELECT * FROM tblemployees where EmailId = '$username'"; $query= mysqli_query($conn, $sql); $count = mysqli_num_rows($query); if($count>0) { $passwordCheck = mysqli_fetch_assoc($query)['Password']; if(,password_verify($password.$passwordCheck)){ echo "<script>alert('Wrong password please try again;');</script>"; } while ($row = mysqli_fetch_assoc($query)) { if ($row['role'] == 'Admin') { $_SESSION['alogin']=$row['emp_id']; $_SESSION['arole']=$row['Department']. echo "<script type='text/javascript'> document.location = 'admin/admin_dashboard;php'; </script>"; } elseif ($row['role'] == 'Staff') { $_SESSION['alogin']=$row['emp_id']; $_SESSION['arole']=$row['Department']. echo "<script type='text/javascript'> document.location = 'staff/index;php'; </script>"; } else { $_SESSION['alogin']=$row['emp_id']; $_SESSION['arole']=$row['Department']. echo "<script type='text/javascript'> document.location = 'heads/index;php'; </script>". } } } else{ echo "<script>alert('Wrong email or password please try again;');</script>"; } } // $_SESSION['alogin']=$_POST['username']. // echo "<script type='text/javascript'> document.location = 'changepassword;php'; </script>"? ?>

1 个解决方案

解决方案1
 0  2021-12-17 22:31:32

Your login code is wrong.您的登录代码错误。 The loop循环

while ($row = mysqli_fetch_assoc($query))

is never fetching anything, because you already read the row with永远不会获取任何东西,因为您已经阅读了该行

$passwordCheck = mysqli_fetch_assoc($query)['Password'];

You should just fetch the row once, and use that for both the password and role checks.您应该只获取该行一次,并将其用于密码和角色检查。

You also should use a prepared statement to prevent SQL injection.您还应该使用准备好的语句来防止 SQL 注入。

<?php
session_start();
include('includes/config.php');
if(isset($_POST['signin']))
{
    $username=$_POST['username'];
    $username=strtolower($username);
    $password=$_POST['password'];

    $sql ="SELECT * FROM tblemployees where EmailId = ?";
    $stmt= mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $query = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($query);
    if($row)
    {
        $passwordCheck = $row['Password'];
        if(!password_verify($password,$passwordCheck)){
            echo "<script>alert('Wrong email or  password please try again.');</script>";
        } else {
            if ($row['role'] == 'Admin') {
                $_SESSION['alogin']=$row['emp_id'];
                $_SESSION['arole']=$row['Department'];
                echo "<script type='text/javascript'> document.location = 'admin/admin_dashboard.php'; </script>";
            }
            elseif ($row['role'] == 'Staff') {
                $_SESSION['alogin']=$row['emp_id'];
                $_SESSION['arole']=$row['Department'];
                echo "<script type='text/javascript'> document.location = 'staff/index.php'; </script>";
            }
            else {
                $_SESSION['alogin']=$row['emp_id'];
                $_SESSION['arole']=$row['Department'];
                echo "<script type='text/javascript'> document.location = 'heads/index.php'; </script>";
            }
        }
    } 
    else{
        echo "<script>alert('Wrong email or password please try again.');</script>";
    }

}
// $_SESSION['alogin']=$_POST['username'];
//  echo "<script type='text/javascript'> document.location = 'changepassword.php'; </script>";
?>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Node.js Passport 登录成功后显示用户名 - Node.js Passport Display username after successful login 如何在使用 Passport.js 成功登录后刷新用户的用户名? - How to flash a user's username after a successful login using Passport.js? 首次成功登录后重置密码 - Reset password after first successful login 如何在react js中成功登录后重定向 - How to redirect after successful login in react js 重定向后加载js以成功登录 - load the js in successful login after redirect 成功登录后如何在vuejs django中设置会话? - How to set up session in vuejs django after successful login? 用户登录模拟器,js,验证用户名和密码,失败 - user login simulator,js,validating the username&password,failed 尽管用户名和密码正确,PHP和Javascript登录仍无法正常工作 - PHP and Javascript Login doesn't work despite correct username and password 登录后如何重定向到我想要的页面,登录成功后如何显示用户名 - How to redirect to the page that I want after logged in and display username after successful login 登录成功后转发 - Forwarding after successful login
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM