PHP MySql login with either email or username
I can't understand why I can't login with email but only with username.
This is my login form:
<form action="includes/login.inc.php" method="post">
<div class="inputBox">
<input type="text" name="uname" placeholder="Username">
<input type="password" name="upass" placeholder="Password">
</div>
<input type="submit" name="submit" value="Login">
</form>
This is my register form:
<form action="includes/signup.inc.php" method="post">
<div class="inputBox">
<input type="text" name="uname" placeholder="Username">
<input type="text" name="uemail" placeholder="E-mail">
<input type="password" name="upass" placeholder="Password">
<input type="password" name="urpass" placeholder="Repeat Password">
</div>
<input type="submit" name="submit" value="Sign Up">
</form>
My includes files:
Signup include file:
<?php
if(isset($_POST['submit'])){
//Grabbing the Data
$uid = $_POST["uname"];
$uemail = $_POST["uemail"];
$upass = $_POST["upass"];
$urpass = $_POST["urpass"];
//Instantiate SignupContr class
include "../classes/dbh.classes.php";
include "../classes/signup.classes.php";
include "../classes/signup-contr.classes.php";
$signup = new SignupContr($uid, $uemail, $upass, $urpass);
//Running error handlers and user signup
$signup -> signupUser();
//Going back to home page
header("location:../index.php?error=none");
}
login include file:
<?php
if(isset($_POST['submit'])){
//Grabbing the Data
$uid = $_POST["uname"];
$upass = $_POST["upass"];
//Instantiate loginContr class
include "../classes/dbh.classes.php";
include "../classes/login.classes.php";
include "../classes/login-contr.classes.php";
$login = new loginContr($uid, $upass);
//Running error handlers and user login
$login -> loginUser();
//Going back to home page
header("location:../index.php?error=none");
}
logout include file:
<?php
session_start();
session_unset();
session_destroy();
//Going back to home page
header("location: ../index.php");
MY CLASSES FILES ->
signup classes file:
<?php
class Signup extends Dbh {
protected function setUser($uid, $upass, $uemail) {
$stmt = $this -> connect() -> prepare('INSERT INTO users (users_name, users_pass, users_email) VALUES (?, ?, ?)');
$hashedPass = password_hash($upass, PASSWORD_DEFAULT);
if(!$stmt -> execute(array($uid, $hashedPass, $uemail))){
$stmt = null;
header("location: ../index.php?error=stmtFailed");
exit();
}
$stmt = null;
}
protected function checkUser($uid, $uemail) {
$stmt = $this -> connect() -> prepare('SELECT users_name FROM users WHERE users_name = ? OR users_email = ?;');
if(!$stmt -> execute(array($uid,$uemail))){
$stmt = null;
header("location: ../index.php?error=stmtFailed");
exit();
}
$resultCheck;
if($stmt -> rowCount() > 0) {
$resultCheck = false;
}
else {
$resultCheck = true;
}
return $resultCheck;
}
}
signup-contr classes file:
<?php
class SignupContr extends Signup {
private $uid;
private $uemail;
private $upass;
private $urpass;
public function __construct($uid, $uemail, $upass, $urpass) {
$this -> uid = $uid;
$this -> uemail = $uemail;
$this -> upass = $upass;
$this -> urpass = $urpass;
}
//Error Handlers
public function signupUser() {
if($this -> emptyInput() == false) {
//Echo empty input
header("location: ../index.php?error=emptyinput");
exit();
}
if($this -> invalidUid() == false) {
//Echo invalid username
header("location: ../index.php?error=invalidusername");
exit();
}
if($this -> invalidEmail() == false) {
//Echo invalid email
header("location: ../index.php?error=invalidemail");
exit();
}
if($this -> pwdMatch() == false) {
//Echo password match
header("location: ../index.php?error=invalidpasswordmatch");
exit();
}
if($this -> uidTakenCheck() == false) {
//Echo Username or email taken
header("location: ../index.php?error=usernameoremailtaken");
exit();
}
$this -> setUser($this -> uid, $this -> upass, $this -> uemail);
}
private function emptyInput() {
$result;
if(empty($this -> uid) || empty($this -> uemail) || empty($this -> upass) || empty($this -> urpass)) {
$result = false;
}
else {
$result = true;
}
return $result;
}
private function invalidUid() {
$result;
if(!preg_match("/^[a-zA-Z0-9]*$/", $this-> uid)){
$result = false;
}
else {
$result = true;
}
return $result;
}
private function invalidEmail() {
$result;
if(!filter_var($this-> uemail, FILTER_VALIDATE_EMAIL)) {
$result = false;
}
else {
$result = true;
}
return $result;
}
private function pwdMatch() {
$result;
if($this -> upass !== $this -> urpass) {
$result = false;
}
else {
$result = true;
}
return $result;
}
private function uidTakenCheck() {
$result;
if(!$this -> checkUser($this -> uid, $this -> uemail)) {
$result = false;
}
else {
$result = true;
}
return $result;
}
}
login classes file:
<?php
class Login extends Dbh {
protected function getUser($uid, $upass) {
$stmt = $this -> connect() -> prepare('SELECT users_pass FROM users WHERE users_name = ? OR users_email = ?;');
if(!$stmt -> execute(array($uid, $upass))){
$stmt = null;
header("location: ../index.php?error=stmtFailed");
exit();
}
if($stmt -> rowCount() == 0) {
$stmt = null;
header("location: ../index.php?error=usernotfound");
exit();
}
$passHashed = $stmt -> fetchAll(PDO::FETCH_ASSOC);
$checkPass = password_verify($upass, $passHashed[0]["users_pass"]);
if($checkPass == false) {
$stmt = null;
header("location: ../index.php?error=wrongpassword");
exit();
}elseif($checkPass == true) {
$stmt = $this -> connect() -> prepare('SELECT * FROM users WHERE users_name = ? OR users_email = ? AND users_pass = ?;');
if(!$stmt -> execute(array($uid, $uid, $upass))){
$stmt = null;
header("location: ../index.php?error=stmtFailed");
exit();
}
if($stmt -> rowCount() == 0) {
$stmt = null;
header("location: ../index.php?error=usernotfound");
exit();
}
$user = $stmt -> fetchAll(PDO::FETCH_ASSOC);
session_start();
$_SESSION["userid"] = $user[0]["users_id"];
$_SESSION["useruid"] = $user[0]["users_name"];
$stmt = null;
}
}
}
login-contr classes file:
<?php
class loginContr extends Login {
private $uid;
private $upass;
public function __construct($uid, $upass) {
$this -> uid = $uid;
$this -> upass = $upass;
}
//Error Handlers
public function loginUser() {
if($this -> emptyInput() == false) {
//Echo empty input
header("location: ../index.php?error=emptyinput");
exit();
}
$this -> getUser($this -> uid, $this -> upass);
}
private function emptyInput() {
$result;
if(empty($this -> uid) || empty($this -> upass)) {
$result = false;
}
else {
$result = true;
}
return $result;
}
}
Structure of the users table:
CREATE TABLE users (
users_id int(11) AUTO_INCREMENT PRIMARY KEY not null,
users_name TINYTEXT not null,
users_email TINYTEXT not null,
users_pass LONGTEXT not null
);
Records of users table:
SOLUTION:
<?php
class Login extends Dbh {
protected function getUser($uid, $upass) {
$stmt = $this -> connect() -> prepare('SELECT users_pass FROM users WHERE users_name = ? OR users_email = ?;');
if(!$stmt -> execute(array($uid, $uid))){
$stmt = null;
header("location: ../index.php?error=stmtFailed");
exit();
}
if($stmt -> rowCount() == 0) {
$stmt = null;
header("location: ../index.php?error=usernotfound");
exit();
}
$passHashed = $stmt -> fetchAll(PDO::FETCH_ASSOC);
$checkPass = password_verify($upass, $passHashed[0]["users_pass"]);
if($checkPass == false) {
$stmt = null;
header("location: ../index.php?error=wrongpassword");
exit();
}elseif($checkPass == true) {
$stmt = $this -> connect() -> prepare('SELECT * FROM users WHERE (users_name = ? OR users_email = ?) AND users_pass = ?;');
if(!$stmt->execute(array($uid,$uid,$passHashed[0]['users_pass']))){
$stmt = null;
header("location: ../index.php?error=stmtFailed");
exit();
}
if($stmt -> rowCount() == 0) {
$stmt = null;
header("location: ../index.php?error=usernotfoundalt");
exit();
}
$user = $stmt -> fetchAll(PDO::FETCH_ASSOC);
session_start();
$_SESSION["userid"] = $user[0]["users_id"];
$_SESSION["useruid"] = $user[0]["users_name"];
$stmt = null;
}
}
}
I had to change the `if(!$stmt -> execute(array($uid, $upass)))` to `if(!$stmt -> execute(array($uid, $uid)))`.
Also the `$stmt = $this -> connect() -> prepare('SELECT * FROM users WHERE users_name = ? OR users_email = ? AND users_pass = ?;');` to `$stmt = $this -> connect() -> prepare('SELECT * FROM users WHERE (users_name = ? OR users_email = ?) AND users_pass = ?;');`
and finally the `if(!$stmt->execute(array($uid,$uid,$passHashed[0]['users_pass'])))` to `if(!$stmt ->execute(array($uid,$uid,$passHashed[0]['users_pass'])))`
<?php
class Login extends Dbh {
protected function getUser($uid, $upass) {
$stmt = $this->connect()->prepare("SELECT users_pass FROM users WHERE users_name = ? OR users_email = ?;");
if(!$stmt->execute([$uid, $uid])){
header("location: ../index.php?error=stmtFailed");
exit;
}
if($stmt->rowCount() === 0) {
header("location: ../index.php?error=usernotfound");
exit;
}
$passHashed = $stmt->fetch(PDO::FETCH_ASSOC);
$checkPass = password_verify($upass, $passHashed["users_pass"]);
if (!$checkPass) {
header("location: ../index.php?error=wrongpassword");
exit;
}
$stmt = $this->connect()->prepare("SELECT * FROM users WHERE (users_name = ? OR users_email = ?) AND users_pass = ?;");
if(!$stmt->execute([$uid, $uid, password_hash($upass, PASSWORD_DEFAULT)])){
header("location: ../index.php?error=stmtFailed");
exit;
}
if($stmt->rowCount() === 0) {
header("location: ../index.php?error=usernotfound");
exit;
}
$user = $stmt->fetch(PDO::FETCH_ASSOC);
session_start();
$_SESSION["userid"] = $user["users_id"];
$_SESSION["useruid"] = $user["users_name"];
}
}
`$uid` and `$upass` as parameters, when in fact it should be `[$uid, $uid]`;
`$stmt->fetch(PDO::FETCH_ASSOC)`. Avoiding having to access the first index every time;
`users_name` and `users_email` should be grouped together;
`password_verify()` function to validate the password, which indicates that the stored password is encrypted (good), in this if you should encrypt the password before passing it to the query;
You can also change one of the `usernotfound` error messages to `usernotfoundalt` and see which of the two it is triggering the error. Also check if user passwords are saved encrypted in the database.
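Added example, not part of the original question or answers: a login lookup that binds the same input to both placeholders and checks the password only with `password_verify()`, because `password_hash()` uses a fresh random salt and its output can never be matched against `users_pass` in a WHERE clause. It assumes an in-memory SQLite database standing in for the page's MySQL `Dbh` class; `authenticate()` and the sample account are hypothetical.

```php
<?php
// Added example: SQLite in-memory stands in for the page's MySQL Dbh connection (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (users_id INTEGER PRIMARY KEY AUTOINCREMENT,
    users_name TEXT NOT NULL, users_email TEXT NOT NULL, users_pass TEXT NOT NULL)');

// Constructed sample account, stored the same way setUser() stores it.
$pdo->prepare('INSERT INTO users (users_name, users_pass, users_email) VALUES (?, ?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'alice@example.com']);

// Hypothetical helper: returns the user row on success, null on any failure.
function authenticate(PDO $pdo, string $login, string $password): ?array
{
    // The one login field is bound twice: it is either a username or an email.
    $stmt = $pdo->prepare(
        'SELECT users_id, users_name, users_pass FROM users
         WHERE users_name = ? OR users_email = ?'
    );
    $stmt->execute([$login, $login]);
    // fetch() is used instead of rowCount(), which is not reliable for SELECT on every driver.
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // The stored hash is compared only through password_verify(); no second query is needed.
    // Unknown user and wrong password give the same result, so one generic error can be shown.
    if ($user === false || !password_verify($password, $user['users_pass'])) {
        return null;
    }
    unset($user['users_pass']); // keep the hash out of whatever goes into the session
    return $user;
}

// A freshly computed hash of the right password still differs from the stored hash.
$stored = $pdo->query("SELECT users_pass FROM users WHERE users_name = 'alice'")->fetchColumn();
var_dump(password_hash('correct horse', PASSWORD_DEFAULT) === $stored);

// Username and email both work; a wrong password and an unknown user both fail.
var_dump(authenticate($pdo, 'alice', 'correct horse') !== null);
var_dump(authenticate($pdo, 'alice@example.com', 'correct horse') !== null);
var_dump(authenticate($pdo, 'alice', 'wrong') !== null);
var_dump(authenticate($pdo, 'nobody', 'correct horse') !== null);
```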