[英]Login verification with existing database user (PHP)
我是PHP的新手,正在嘗試創建一個不使用模板代碼的Login系統。 我連接到以下代碼的注冊表單可以正常運行,並將用戶毫無問題地保存到數據庫中。
現在,這是我的登錄代碼。 我已經創建了幾個用戶,可以使用我的注冊表格進行測試。 這就是我在PHP中所擁有的:
<?php
session_start();
include_once('classes/connection.php');
if(isset($_POST['username']))
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysqli_real_escape_string($link, $_POST['username']);
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '".$username."' AND password = '".$password."'");
if(mysqli_num_rows($checklogin) == 1)
{
$row = mysqli_fetch_array($checklogin);
$username = $row['username'];
$email = $row['email'];
$name = $row['name'];
$surname = $row['surname'];
$_SESSION['Username'] = $username;
$_SESSION['Email'] = $email;
$_SESSION['Name'] = $name;
$_SESSION['Surname'] = $surname;
$_SESSION['LoggedIn'] = 1;
header('location: index.php');
}
else
{
$feedback= "<p>Your account was not found, please try again.</p>";
}
} else
{
$feedback= "<p>Please fill in all the blank areas.</p>";
}
}
?>
這是與此相關的HTML:
<article>
<?php if(isset($feedback)): ?> <!-- BEGIN FEEDBACK -->
<div id="feedback">
<?php echo $feedback ?>
</div>
<?php endif; ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<h2>Login</h2>
<table><tr>
<td>Username:</td>
<td><input size="10%" id="username" class="form-text" name="username"type="text"/></td></tr>
<tr>
<td>Password:</td>
<td><input size="10%" id="password" class="form-text" name="password" type="password"/></td>
</tr>
<tr>
<td></td>
<td><input name="loginknop" type="submit" value="Login" />
<a href="register.php">No account? Click here!</a></td>
</tr></table>
</form>
</article>
對我來說,這一切似乎都是正確的,並且能夠正常運行。 但是,每次我測試該登錄名時,例如:USERNAME:TEST和PASSWORD:TEST123(作為潛在用戶,它已經在我的數據庫中),我得到的反饋是:“找不到您的帳戶,請嘗試再次。”
所以我的問題是: 1)我該如何解決? 我相信我的代碼是正確的,但我不知道為什么它一直告訴我我的帳戶不存在。
2)我們也很感謝有關如何改進或縮短此代碼的建議,我很想學習
您只需要在php文件中添加一些調試代碼行,就可以找到問題所在。
例如:
if(!empty($_POST['username']) && !empty($_POST['password']))
{
echo "You entered: username={$_POST['username']}, password={$_POST['password']}<br>";
$username = mysqli_real_escape_string($link, $_POST['username']);
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
echo "Your username after escaping: {$username}<br>";
echo "Your password after scaping and MD5: {$password}<br>";
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '".
$username."' AND password = '".$password."'");
echo "Count of users with the same username and password = " . mysqli_num_rows($checklogin);
$checkusername = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '". $username."'");
echo "Count of users with the same username = " . mysqli_num_rows($checkusername);
$checkpass = mysqli_query($link, "SELECT * FROM tblusers WHERE password = '". $password."'");
echo "Count of users with the same password md5 = " . mysqli_num_rows($checkpass);
if(mysqli_num_rows($checklogin) == 1)
{
$row = mysqli_fetch_array($checklogin);
$username = $row['username'];
$email = $row['email'];
$name = $row['name'];
$surname = $row['surname'];
$_SESSION['Username'] = $username;
$_SESSION['Email'] = $email;
$_SESSION['Name'] = $name;
$_SESSION['Surname'] = $surname;
$_SESSION['LoggedIn'] = 1;
//header('location: index.php'); <-- comment it to see debug info
}
之后,您可以看到問題所在。 我現在看到的可能是:
附言:如果這對您沒有幫助,請在此處發布您嘗試登錄后獲得的所有回聲的輸出!
這行:
$password = md5(mysqli_real_escape_string($link, $_POST['password']));
將您輸入的數據輸入屏幕TEST123
並TEST123
創建一個MD5
哈希。 因此它將看起來像這樣:
22b75d6007e06f4a959d1b1d69b4c4bd
因此,如果您說您的數據庫有一個
username = 'TEST'
password = "TEST123'
當您查詢時
$checklogin = mysqli_query($link, "SELECT * FROM tblusers WHERE username = '$username' AND password = '$password' ");
$password will = 22b75d6007e06f4a959d1b1d69b4c4bd
但tabuser.password將='TEST123'因此將不選擇該行!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.