[英]PHP login session not coming through (Login with SQL database)
The latest little 'challenge' I've made for myself is trying to code a good login screen on a site I'm making for some friends.我为自己做的最新的小“挑战”是尝试在我为一些朋友制作的网站上编写一个好的登录屏幕。 However, when I input my email and password as they are displayed in my SQL database, the file I use to check it with does not send out anything at all.
但是,当我输入我的电子邮件和密码时,它们显示在我的 SQL 数据库中,我用来检查它的文件根本不会发送任何内容。 My code looks as follows:
我的代码如下所示:
<?php
session_start();
if (isset($_SESSION['user'])) {
header('Location: mainpage.php');
}
require_once 'config.php';
$error_message = '';
if (isset($_POST['submit'])) {
$db = "epiz_31045019_TCDB";
$response = $db->check_credentials($_POST['email'], $_POST['password']);
if ($response['status'] == 'success') {
$_SESSION['user'] = array('id' => $response['id'], 'nickname' => $response['nickname']);
header('Location: mainpage.php');
}
}
?>
If that might prove to be useful, here are my login form and the config code I'm including as well:如果这可能被证明是有用的,这里是我的登录表单和我包括的配置代码:
<?php
$hostnaam = "host.com";
$gebruikersnaam = "username";
$wachtwoord = "password";
$db = "database";
$verbinding = mysqli_connect($hostnaam, $gebruikersnaam, $wachtwoord,
$db) or die ("Er kan geen verbinding tot stand worden gebracht:" .
mysqli_connect_error());
?>
<form action="datacheck.php" method="POST">
<div class="form-field">
<input type="email" name="email" id="email" placeholder="E-mailadres" required />
</div> <br>
<div class="form-field">
<input type="password" name="password" id="password" placeholder="Wachtwoord" required />
</div> <br>
<div class="form-field">
<button class="btn" type="submit">Log in</button>
</div>
</form>
Your code example:您的代码示例:
$hostnaam = "host.com";
$gebruikersnaam = "username";
$wachtwoord = "password";
$db = "database";
$verbinding = mysqli_connect($hostnaam, $gebruikersnaam, $wachtwoord,
$db) or die ("Er kan geen verbinding tot stand worden gebracht:" .
mysqli_connect_error());
If you are using variables to hold connection/login information you are going to use them once and then not need them, but later on in your code, all of those variables ( $wachtwoord
, $gebruikersnaam
, etc.) still exist.如果您使用变量来保存连接/登录信息,您将使用它们一次然后不需要它们,但稍后在您的代码中,所有这些变量(
$wachtwoord
、 $gebruikersnaam
等)仍然存在。
In the example you give, it would be safer practise to在您给出的示例中,更安全的做法是
hardcode the data directly into the connection function:将数据直接硬编码到连接函数中:
mysqli_connect("host.com", "username", "password", "database"); mysqli_connect("host.com", "username", "password", "database");
or Ensure you destroy the data as soon as you've finished with it:或确保在完成数据后立即销毁数据:
$hostnaam = "host.com"; $gebruikersnaam = "username"; $wachtwoord = "password"; $db = "database"; $verbinding = mysqli_connect($hostnaam, $gebruikersnaam, $wachtwoord, $db); unset($hostnaam,$gebruikersnaam, $wachtwoord,$db); // Or alternatively: // $hostnaam = $gebruikersnaam = $wachtwoord = $db = NULL;
Using die
statements and showing error messages directly to the browser / user is VERY bad practise and should never be done.使用
die
语句并直接向浏览器/用户显示错误消息是非常糟糕的做法,永远不应该这样做。
Try instead to throw errors to the PHP error log
.而是尝试将错误抛出到
PHP error log
。
if(!mysqli_connect("host.com", "username", "password", "database")){
error_log("There was a failure to connect to MySQL: ".mysqli_connect_error());
header("location: index.php?msg=".urlencode('Sorry there was an error.Can not connect.');
}
header
functions should always be followed by die/exit statements because when a header function is reached, PHP will continue to execute the rest of the script, even while the browser is redirected to a new page.header
函数应该始终跟在 die/exit 语句之后,因为当到达标头函数时,PHP 将继续执行脚本的其余部分,即使浏览器被重定向到新页面也是如此。 if(!mysqli_connect("host.com", "username", "password", "database")){
error_log("There was a failure to connect to MySQL: ".mysqli_connect_error());
header("location: index.php?msg=".urlencode('Sorry there was an error.Can not connect.'));
exit;
}
And finally, I would also highly recommend using PDO interface and using object orientated programming.最后,我还强烈推荐使用 PDO 接口和使用面向对象编程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.