
使用电子邮件或用户名登录 PHP MySql

[英]PHP MySql login with either email or username

我不明白为什么我不能用电子邮件登录,只能用用户名登录。

这是我的登录表单:

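<form action="includes/login.inc.php" method="post">
  <div class="inputBox">
  <!-- The login query matches this value against users_name OR users_email,
       so the placeholder names both. "required" is a browser-side convenience
       only; the server-side empty-input check remains the real gate. -->
  <input type="text" name="uname" placeholder="Username or e-mail" autocomplete="username" required>
  <input type="password" name="upass" placeholder="Password" autocomplete="current-password" required>
  </div>
  <input type="submit" name="submit" value="Login">
</form>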

这是我的注册表单:

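<form action="includes/signup.inc.php" method="post">
  <div class="inputBox">
  <!-- Browser-side attributes (type="email", required) only improve usability.
       Every field is validated again on the server, because a client can post
       anything to signup.inc.php without going through this form. -->
  <input type="text" name="uname" placeholder="Username" autocomplete="username" required>
  <input type="email" name="uemail" placeholder="E-mail" autocomplete="email" required>
  <input type="password" name="upass" placeholder="Password" autocomplete="new-password" required>
  <input type="password" name="urpass" placeholder="Repeat Password" autocomplete="new-password" required>
  </div>
  <input type="submit" name="submit" value="Sign Up">
</form>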

我的包含文件:

注册包含文件:

<?php

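if (isset($_POST['submit'])) {

    // Read the submitted fields. A key that is missing from a hand-crafted POST
    // falls back to an empty string, so the controller's empty-input check can
    // reject the request instead of PHP warning about an undefined array key.
    $uid = $_POST["uname"] ?? "";
    $uemail = $_POST["uemail"] ?? "";
    $upass = $_POST["upass"] ?? "";
    $urpass = $_POST["urpass"] ?? "";

    // Load the class chain (Signup extends Dbh, SignupContr extends Signup)
    // and build the signup controller from the raw, still untrusted values.
    include "../classes/dbh.classes.php";
    include "../classes/signup.classes.php";
    include "../classes/signup-contr.classes.php";
    $signup = new SignupContr($uid, $uemail, $upass, $urpass);

    // Validate the input and create the account. On any validation failure
    // signupUser() sends its own redirect and terminates the request.
    $signup->signupUser();

    // Success: go back to the home page. exit() makes sure nothing else runs or
    // is sent after the redirect header.
    header("location:../index.php?error=none");
    exit();

}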

登录包含文件:

<?php

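if (isset($_POST['submit'])) {

    // Read the submitted fields. "uname" carries either a user name or an
    // e-mail address. A key that is missing from a hand-crafted POST falls back
    // to an empty string, so the empty-input check can reject the request.
    $uid = $_POST["uname"] ?? "";
    $upass = $_POST["upass"] ?? "";

    // Load the class chain (Login extends Dbh, loginContr extends Login) and
    // build the login controller.
    include "../classes/dbh.classes.php";
    include "../classes/login.classes.php";
    include "../classes/login-contr.classes.php";
    $login = new loginContr($uid, $upass);

    // Check the input and authenticate. On failure loginUser() sends its own
    // redirect and terminates the request, so the lines below only run after a
    // successful login.
    $login->loginUser();

    // Success: go back to the home page. exit() makes sure nothing else runs or
    // is sent after the redirect header.
    header("location:../index.php?error=none");
    exit();

}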

注销包含文件:

<?php 

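// Resume the current session so that it can be torn down.
session_start();

// Drop every variable stored in the session.
session_unset();

// session_destroy() removes the server-side data but leaves the session cookie
// in the browser, so expire the cookie explicitly with the same parameters it
// was issued with.
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params["path"],
        $params["domain"],
        $params["secure"],
        $params["httponly"]
    );
}

session_destroy();

//Going back to home page
header("location: ../index.php");
exit();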

我的类文件:

注册类文件:

<?php


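/**
 * Database layer of the signup flow: inserts accounts and checks whether a
 * user name or e-mail address is already registered.
 *
 * connect() is inherited from Dbh, which is not shown here; the code uses its
 * return value as a PDO connection.
 */
class Signup extends Dbh {

    /**
     * Insert a new row into the users table.
     *
     * Redirects to index.php with error=stmtFailed and stops the request when
     * the statement cannot be executed.
     *
     * @param string $uid    user name
     * @param string $upass  plaintext password; only its hash is stored
     * @param string $uemail e-mail address
     */
    protected function setUser($uid, $upass, $uemail) {
        // Placeholders keep the submitted values out of the SQL text.
        $stmt = $this->connect()->prepare('INSERT INTO users (users_name,  users_pass, users_email) VALUES (?, ?, ?)');

        // password_hash() salts every hash with a fresh random value, so the
        // stored string can only be checked later with password_verify().
        $hashedPass = password_hash($upass, PASSWORD_DEFAULT);

        if (!$stmt->execute(array($uid, $hashedPass, $uemail))) {
            $stmt = null;
            header("location: ../index.php?error=stmtFailed");
            exit();
        }

        $stmt = null;
    }

    /**
     * Report whether the user name and e-mail address are both still free.
     *
     * NOTE(review): this lookup and the INSERT in setUser() are separate
     * statements, so on its own it cannot stop two concurrent signups from
     * taking the same name; a UNIQUE constraint on users_name / users_email is
     * what enforces that in the database.
     *
     * @param string $uid    user name to look up
     * @param string $uemail e-mail address to look up
     * @return bool true when no existing row uses either value
     */
    protected function checkUser($uid, $uemail) {
        $stmt = $this->connect()->prepare('SELECT users_name FROM users WHERE users_name = ? OR users_email = ?;');

        if (!$stmt->execute(array($uid, $uemail))) {
            $stmt = null;
            header("location: ../index.php?error=stmtFailed");
            exit();
        }

        // Fetch one row instead of calling rowCount(): PDO does not guarantee
        // a row count for SELECT statements on every driver.
        $taken = $stmt->fetch(PDO::FETCH_ASSOC) !== false;
        $stmt = null;

        return !$taken;
    }

}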

注册控制类文件:

<?php


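/**
 * Controller of the signup flow: validates the submitted form values and, when
 * every check passes, hands them to Signup::setUser().
 *
 * Naming caveat: the private helpers return true when their check PASSES
 * (for example invalidUid() returns true for a valid user name).
 */
class SignupContr extends Signup {

    // Raw values from the signup form. They come straight from the request and
    // are untrusted until signupUser() has run every check.
    private $uid;
    private $uemail;
    private $upass;
    private $urpass;

    /**
     * @param mixed $uid    requested user name
     * @param mixed $uemail e-mail address
     * @param mixed $upass  password
     * @param mixed $urpass repeated password
     */
    public function __construct($uid, $uemail, $upass, $urpass) {
        $this->uid = $uid;
        $this->uemail = $uemail;
        $this->upass = $upass;
        $this->urpass = $urpass;
    }

    /**
     * Validate the submitted data and create the account.
     *
     * Each failed check redirects to index.php with its own error code and
     * stops the request, so setUser() only runs when every check passed. The
     * empty-input check runs first because the later checks expect strings.
     */
    public function signupUser() {
        if (!$this->emptyInput()) {
            header("location: ../index.php?error=emptyinput");
            exit();
        }

        if (!$this->invalidUid()) {
            header("location: ../index.php?error=invalidusername");
            exit();
        }

        if (!$this->invalidEmail()) {
            header("location: ../index.php?error=invalidemail");
            exit();
        }

        if (!$this->pwdMatch()) {
            header("location: ../index.php?error=invalidpasswordmatch");
            exit();
        }

        if (!$this->uidTakenCheck()) {
            header("location: ../index.php?error=usernameoremailtaken");
            exit();
        }

        $this->setUser($this->uid, $this->upass, $this->uemail);
    }

    /**
     * @return bool true when all four fields are non-empty strings
     */
    private function emptyInput() {
        // Each field is tested on its own. The previous version wrapped the
        // whole "||" chain in a single empty() call, so a non-empty user name
        // alone was enough to pass. Non-string values (e.g. "uname[]=x" in the
        // request) are rejected here as well, and "0" counts as real input.
        foreach (array($this->uid, $this->uemail, $this->upass, $this->urpass) as $field) {
            if (!is_string($field) || $field === '') {
                return false;
            }
        }

        return true;
    }

    /**
     * @return bool true when the user name consists of ASCII letters and digits only
     */
    private function invalidUid() {
        // \A and \z anchor to the real start and end of the string; "$" would
        // also accept a name that ends in a newline character.
        return preg_match('/\A[a-zA-Z0-9]*\z/', $this->uid) === 1;
    }

    /**
     * @return bool true when the e-mail address passes FILTER_VALIDATE_EMAIL
     */
    private function invalidEmail() {
        return filter_var($this->uemail, FILTER_VALIDATE_EMAIL) !== false;
    }

    /**
     * @return bool true when password and repeated password are identical
     */
    private function pwdMatch() {
        return $this->upass === $this->urpass;
    }

    /**
     * @return bool true when neither the user name nor the e-mail is registered yet
     */
    private function uidTakenCheck() {
        return (bool) $this->checkUser($this->uid, $this->uemail);
    }
}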

登录类文件:

<?php


// Login database layer AS POSTED IN THE QUESTION. It is left unchanged on
// purpose; the comments mark the defects that make e-mail login fail.
class Login extends Dbh {

    /**
     * Look up the account for $uid, verify $upass against the stored hash and
     * open a session. Every failure redirects to index.php with an error code
     * and stops the request.
     *
     * @param string $uid   value of the login field (user name or e-mail)
     * @param string $upass plaintext password from the form
     */
    protected function getUser($uid, $upass) {
        $stmt = $this -> connect() -> prepare('SELECT users_pass FROM users WHERE users_name = ? OR users_email = ?;');


        // BUG (the one the question asks about): the second placeholder is
        // users_email, but it is bound to the password instead of $uid. An
        // e-mail address typed into the login field is therefore only compared
        // with users_name and never matches.
        if(!$stmt -> execute(array($uid, $upass))){
            $stmt = null;
            header("location: ../index.php?error=stmtFailed");
            exit();
        }



        // NOTE(review): PDO does not guarantee rowCount() for SELECT statements
        // on every driver; fetching the row and testing for "no row" is portable.
        if($stmt -> rowCount() == 0) {
            $stmt = null;
            header("location: ../index.php?error=usernotfound");
            exit();
        }

        // The password check itself is done correctly: password_verify()
        // compares the plaintext with the stored hash.
        $passHashed = $stmt -> fetchAll(PDO::FETCH_ASSOC);
        $checkPass = password_verify($upass, $passHashed[0]["users_pass"]);
 

        
        if($checkPass == false) {
            $stmt = null;
            header("location: ../index.php?error=wrongpassword");
            exit();
        }elseif($checkPass == true) {
            // BUG: AND binds tighter than OR, so this WHERE clause reads
            // users_name = ? OR (users_email = ? AND users_pass = ?).
            $stmt = $this -> connect() -> prepare('SELECT * FROM users WHERE users_name = ? OR users_email = ? AND users_pass = ?;');

            // BUG: users_pass holds the password_hash() output written at
            // signup, so comparing it with the plaintext $upass cannot match.
            // Only the users_name branch of the OR can succeed here.
            if(!$stmt -> execute(array($uid, $uid, $upass))){
                $stmt = null;
                header("location: ../index.php?error=stmtFailed");
                exit();
            }
            
            if($stmt -> rowCount() == 0) {

                $stmt = null;
                header("location: ../index.php?error=usernotfound");
                exit();
            }

            $user = $stmt -> fetchAll(PDO::FETCH_ASSOC);

    

            // NOTE(review): the session ID is not regenerated after a
            // successful login (session_regenerate_id), which leaves the
            // session open to fixation.
            session_start();
            $_SESSION["userid"] = $user[0]["users_id"];
            $_SESSION["useruid"] = $user[0]["users_name"];

            $stmt = null;

        }


    }

  
  
}

登录控制类文件:

<?php


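/**
 * Controller of the login flow: rejects empty input and then delegates the
 * authentication to Login::getUser().
 */
class loginContr extends Login {

    // Raw values from the login form; $uid is a user name or an e-mail address.
    private $uid;
    private $upass;

    /**
     * @param mixed $uid   value of the login field (user name or e-mail)
     * @param mixed $upass plaintext password from the form
     */
    public function __construct($uid, $upass) {
        $this->uid = $uid;
        $this->upass = $upass;
    }

    /**
     * Check the input and authenticate the user.
     *
     * Redirects to index.php with error=emptyinput and stops the request when
     * a field is missing; otherwise getUser() performs the lookup, the
     * password check and the session setup.
     */
    public function loginUser() {
        if (!$this->emptyInput()) {
            header("location: ../index.php?error=emptyinput");
            exit();
        }

        $this->getUser($this->uid, $this->upass);
    }

    /**
     * @return bool true when both fields are non-empty strings
     */
    private function emptyInput() {
        // Each field is tested on its own. The previous version wrapped the
        // whole "||" expression in a single empty() call, so a non-empty login
        // name alone was enough to pass with an empty password. Non-string
        // values (e.g. "upass[]=x" in the request) are rejected here as well.
        foreach (array($this->uid, $this->upass) as $field) {
            if (!is_string($field) || $field === '') {
                return false;
            }
        }

        return true;
    }

}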

用户表的结构:

   -- Accounts table read and written by the signup and login classes.
   -- NOTE(review): users_name and users_email carry no UNIQUE constraint, so
   -- uniqueness rests only on the application's check-then-insert sequence;
   -- the login query (users_name = ? OR users_email = ?) can then match more
   -- than one row. A unique index needs an indexable column type (for example
   -- VARCHAR) rather than TINYTEXT; confirm against the server version in use.
   CREATE TABLE users (
    
    users_id int(11) AUTO_INCREMENT PRIMARY KEY not null,
    users_name TINYTEXT not null,
    users_email TINYTEXT not null,
    -- Holds the password_hash() output written at signup, never the plaintext.
    users_pass LONGTEXT not null
);

用户表记录:

在此处输入图像描述

解决方案:

   <?php


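/**
 * Login database layer (corrected version): accepts either the user name or
 * the e-mail address in the login field.
 *
 * connect() is inherited from Dbh, which is not shown here; the code uses its
 * return value as a PDO connection.
 */
class Login extends Dbh {

    /**
     * Look up the account for $uid, verify $upass against the stored hash and
     * open a session. Every failure redirects to index.php with an error code
     * and stops the request.
     *
     * NOTE(review): usernotfound and wrongpassword let a client tell whether an
     * account exists. If index.php does not need the distinction, one generic
     * code for both avoids account enumeration.
     *
     * @param string $uid   value of the login field (user name or e-mail)
     * @param string $upass plaintext password from the form
     */
    protected function getUser($uid, $upass) {
        $stmt = $this -> connect() -> prepare('SELECT users_pass FROM users WHERE users_name = ? OR users_email = ?;');

        // The login field may hold either identifier, so the same value is
        // bound to both placeholders.
        if(!$stmt -> execute(array($uid, $uid))){
            $stmt = null;
            header("location: ../index.php?error=stmtFailed");
            exit();
        }

        // Test the fetched rows instead of rowCount(): PDO does not guarantee
        // a row count for SELECT statements on every driver.
        $passHashed = $stmt -> fetchAll(PDO::FETCH_ASSOC);

        if(count($passHashed) == 0) {
            $stmt = null;
            header("location: ../index.php?error=usernotfound");
            exit();
        }

        // password_verify() is the only valid way to check the password: it
        // re-derives the hash with the salt embedded in the stored value.
        $checkPass = password_verify($upass, $passHashed[0]["users_pass"]);

        if($checkPass == false) {
            $stmt = null;
            header("location: ../index.php?error=wrongpassword");
            exit();
        }

        // The parentheses make the OR apply before the AND. This second query
        // could be dropped by selecting users_id and users_name in the first
        // one; it is kept here to stay close to the original structure.
        $stmt = $this -> connect() -> prepare('SELECT * FROM users WHERE (users_name = ? OR users_email = ?) AND users_pass = ?;');

        // users_pass is compared with the hash read from the database, never
        // with the plaintext password.
        if(!$stmt->execute(array($uid,$uid,$passHashed[0]['users_pass']))){
            $stmt = null;
            header("location: ../index.php?error=stmtFailed");
            exit();
        }

        $user = $stmt -> fetchAll(PDO::FETCH_ASSOC);

        if(count($user) == 0) {
            $stmt = null;
            header("location: ../index.php?error=usernotfoundalt");
            exit();
        }

        session_start();

        // Issue a fresh session ID at the moment of authentication, so that an
        // ID fixed before login is not carried into the logged-in session.
        session_regenerate_id(true);

        $_SESSION["userid"] = $user[0]["users_id"];
        $_SESSION["useruid"] = $user[0]["users_name"];

        $stmt = null;
    }

}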

我不得不将if(!$stmt -> execute(array($uid, $upass)))更改为
if(!$stmt -> execute(array($uid, $uid))) 还有

`$stmt = $this -> connect() -> prepare('SELECT * FROM users WHERE users_name = ? OR users_email = ? AND users_pass = ?;');`
改为 `$stmt = $this -> connect() -> prepare('SELECT * FROM users WHERE (users_name = ? OR users_email = ?) AND users_pass = ?;');`

最后是 `if(!$stmt->execute(array($uid,$uid,$passHashed[0]['users_pass'])))`,即把从数据库读出的哈希值(而不是明文密码)传给第二个查询。

<?php

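/**
 * Login database layer: accepts either the user name or the e-mail address in
 * the login field.
 *
 * connect() is inherited from Dbh, which is not shown here; the code uses its
 * return value as a PDO connection.
 */
class Login extends Dbh {

    /**
     * Look up the account for $uid, verify $upass against the stored hash and
     * open a session. Every failure redirects to index.php with an error code
     * and stops the request.
     *
     * @param string $uid   value of the login field (user name or e-mail)
     * @param string $upass plaintext password from the form
     */
    protected function getUser($uid, $upass) {
        $stmt = $this->connect()->prepare("SELECT users_pass FROM users WHERE users_name = ? OR users_email = ?;");

        // The login field may hold either identifier, so the same value is
        // bound to both placeholders.
        if (!$stmt->execute([$uid, $uid])) {
            header("location: ../index.php?error=stmtFailed");
            exit;
        }

        // fetch() returns false when no row matched; this replaces rowCount(),
        // which PDO does not guarantee for SELECT statements on every driver.
        $passHashed = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($passHashed === false) {
            header("location: ../index.php?error=usernotfound");
            exit;
        }

        if (!password_verify($upass, $passHashed["users_pass"])) {
            header("location: ../index.php?error=wrongpassword");
            exit;
        }

        // The parentheses make the OR apply before the AND.
        $stmt = $this->connect()->prepare("SELECT * FROM users WHERE (users_name = ? OR users_email = ?) AND users_pass = ?;");

        // Bind the hash that was read from the database. A new password_hash()
        // call must not be used here: it salts every hash with a fresh random
        // value, so its output never equals the stored string and the query
        // would return no row for a correct password.
        if (!$stmt->execute([$uid, $uid, $passHashed["users_pass"]])) {
            header("location: ../index.php?error=stmtFailed");
            exit;
        }

        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($user === false) {
            header("location: ../index.php?error=usernotfound");
            exit;
        }

        session_start();

        // Issue a fresh session ID at the moment of authentication, so that an
        // ID fixed before login is not carried into the logged-in session.
        session_regenerate_id(true);

        $_SESSION["userid"] = $user["users_id"];
        $_SESSION["useruid"] = $user["users_name"];
    }
}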
  • 在第 5 行,您将 [$uid, $upass] 作为参数传递,而实际上应该是 [$uid, $uid];
  • 在第 15 行,由于它是一个登录脚本,因此通常只期望给定数据只有一个结果,因此您可以使用$stmt->fetch(PDO::FETCH_ASSOC) 避免每次都访问第一个索引;
  • 在第 22 行,users_name 和 users_email 的条件应该用括号组合在一起;
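  • 在第 23 行,您将纯文本密码传递给查询,但在第 16 行,您使用 password_verify() 函数来验证密码,这表明存储的密码已加密(更准确地说是经过哈希处理,这很好),因此您应该在把密码传给查询之前先对其进行加密。需要注意:password_hash() 每次调用都会使用新的随机盐,同一密码两次生成的哈希值并不相同,所以新生成的哈希无法在 SQL 中与已存储的哈希做相等比较;密码校验应只依赖 password_verify(),如果仍保留第二个查询,应传入从数据库读出的哈希值。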

您还可以将usernotfound错误消息之一更改为usernotfoundalt并查看触发错误的两个错误消息中的哪一个。 还要检查用户密码是否以加密方式保存在数据库中。
