验证用户名和密码
[英]Validating username and password
问题描述
我正在尝试创建一个登录表单,但是用户名和密码验证无法正常工作。 $AccountValidation始终返回0 ,而我很肯定我填写了正确的密码和用户名。 首先,用户必须注册更多的变量(即名),然后他们可以转到login.html页面,然后转到login.php下面的文件。
我已经var_dumped所有变量,所有都很好。
$Username = strip_tags($_POST['Username']);
$Password = md5(strip_tags($_POST['Password']));
if(empty($Username) || empty($Password)) die('Vul alle waarden in op <a href="login.php">het formulier</a>.');
$db = new mysqli($host, $user, $pass, 'accounts', 3306);
$sql = "SELECT Username, Password FROM users where Username = '$Username' AND Password = '" . $Password . '\'';
$results = $db->query($sql);
$AccountValidation = $results->num_rows;
if($AccountValidation == 1)
{
$_SESSION['login'] = 'yes';
header('location: xxxxx');
} else{
echo'Your account does not exist or you have not filled in the required information.<br> Retry <a href="Login.html">here</a> or create a new account <a href="GetInfo.html">here</a>';
}
?>
var_dump $结果
object(mysqli_result)#2 (5) { ["current_field"]=> int(0) ["field_count"]=> int(2) ["lengths"]=> NULL ["num_rows"]=> int(0) ["type"]=> int(0) }
var_dump $ AccountValidation
int(0)
编辑:
找到了解决方案。 MD5有32个字符,我只允许20个密码才能上传到MySQL。 有时候这可能是愚蠢的...
1 个解决方案
解决方案1
0 已采纳 2014-03-20 17:00:50
注意:此答案是使用MD5 ( 当前使用 )的替代方法。
我和OP都非常了解所涉及的风险。
“我是故意这样做的。我希望能够看到代码可以改进的地方,并继续对其进行改进。因为那是我将要接受培训的地方。该项目永远不会上线,这只是我想学习的东西。我也很开放建议。”
(已测试)
用户名和密码创建脚本:
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
$username = "user";
$password = "12345";
$md5_pass = md5($password);
$result = mysqli_query($mysqli,"INSERT INTO users (username, password) VALUES ('$username', '$md5_pass') ") or die(mysqli_error());
if($result){
echo "Success";
}
else{
echo "Sorry";
}
?>
登录脚本: (SQL / HTML作为单个文件)
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
if(isset($_POST['submit'])){
// Grab User submitted information
$name = mysqli_real_escape_string($mysqli,$_POST["users_name"]);
$pass = mysqli_real_escape_string($mysqli,md5($_POST["users_pass"]));
$result = mysqli_query($mysqli,"SELECT username, password FROM users WHERE username = '$name' AND password='$pass'");
$row = mysqli_fetch_array($result);
if($row["username"]==$name && $row["password"]==$pass){
echo"You are a validated user.";
}
else{
echo"Sorry, your credentials are not valid, Please try again.";
}
} // if(isset($_POST['submit'])){
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
</head>
<body>
<form method="post" action="">
<table border="1" >
<tr>
<td><label for="users_name">Username</label></td>
<td><input type="text"
name="users_name" id="users_name"></td>
</tr>
<tr>
<td><label for="users_pass">Password</label></td>
<td><input name="users_pass" type="password" id="users_pass"></input></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit"/>
<td><input type="reset" value="Reset"/>
</tr>
</table>
</form>
</body>
</html>
免责声明:
最好将mysqli_*函数与已准备好的语句或PDO结合使用,以及使用crypt()或PHP 5.5的password_hash()函数进行密码存储。
验证用户名和密码:调用非对象上的成员函数fetchAll()
[英]Validating username and password: Call to member function fetchAll() on non-object
在 PHP 中验证数据库中的用户名和密码后,如何使按钮转到特定页面
[英]How do you make a button go to a specific page after validating the Username and Password from the Database in PHP
RESTful服务-使用Phil Sturgeon Rest Server:使用用户名和密码验证用户的逻辑/功能?
[英]RESTful service - using Phil Sturgeon Rest Server : Logic / function for validating the users with their username and password?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.