[英]PHP User login validation using login.php included in index.php not working
I have login.php including login class and login for handling. 我有login.php,包括登录类和用于处理的登录名。 I'm including the login.php in index.php 我将login.php包含在index.php中
Cant understand why validation not working, here is the code: 无法理解为什么验证不起作用,下面是代码:
login.php 的login.php
<?php
include_once('Database.php');
class login extends Database{
protected $_db;
public $_error;
public $_password;
public $_email;
public function __construct(){
$this->_db = new Database('localhost','root','','kupon') or $this->_error = 'Could not connect to database';
}
public function validate($email, $password){
$query = $this->_db->query("SELECT * FROM users WHERE email='$this->_email' AND password ='$this->_password'");
$rows = $this->_db->numrows();
if($rows == 1){
$result = mysql_fetch_assoc($query);
if ($results['email'] == $email && $results['password'] == $password);
return true;
} else{
$this->_error = '<p> User Does not exists</p>';
}
}
}
$login = new login();
if (isset($_POST['email']) && isset($_POST['password'])){
$email = $_POST['email'];
$password = $_POST['password'];
if($login->validate($email, $password))
echo 'your in';
}
?>
<form action="index.php" method="post" class="form">
<p class="email">
<input type="text" name="email" /> :דואר אלקטרוני</br>
</p>
<p class="password">
<input type="password" name="password" /> :סיסמא</br>
</p>
<p class="submit">
<input type="submit" value="היכנס" />
</p>
</form>
And I just include it in index.php 我只将它包含在index.php中
<?php
include_once ('php/ooplogin.php');
?>
What am I missing here? 我在这里想念什么?
your validating the user here: 您在此处验证用户:
$query = $this->_db->query("SELECT * FROM users WHERE email='$this->_email' AND password ='$this->_password'");
and you are trying to do exactly same thing here: 并且您正在尝试在这里做完全相同的事情:
if ($results['email'] == $email && $results['password'] == $password);
return true;
Your function should looks like this: 您的函数应如下所示:
public function validate($email, $password){
// you should escape $email and $password to prevent SQL injection!!!
$query = $this->_db->query("SELECT * FROM users WHERE email='$email' AND passwoird='$password'");
$rows = $this->_db->numrows();
return !!$rows;
}
And you have security issue there. 而且那里存在安全问题。 Please read this article: 请阅读这篇文章:
And i don't know what you try acommplish here: 我不知道您在这里尝试过什么:
class login extends Database{
public function __construct(){
$this->_db = new Database(...
if you extendending Database
class why not: 如果扩展Database
类,为什么不这样做:
class login extends Database{
public function __construct() {
parent::__construct('localhost','root','','kupon') or $this->_error = 'Could not connect to database';
}
public function foobar() {
$query = $this->query("SELECT * FROM foo");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.