[英]PHP- Login system
我正在嘗試為我的項目創建登錄系統,但我不知道如何檢查用戶輸入的密碼是否正確。
登錄.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
require_once("guest.php");
require_once("db.php");
$error = "";
global $tf_handle;
$gb = new guest();
if(isset($_POST['login']))
{
$u_email = mysqli_real_escape_string($tf_handle, $_POST['email']);
$u_password = mysqli_real_escape_string($tf_handle, $_POST['password']);
$check = $gb->email_exist($tf_handle,$u_email); // check if email exist in database
if($check) // if true
{
//check if the password is right
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
if($chpassword)
{
$error = "Thanks for loggin , you will be redirected...";
header( "refresh:3;url=index.php" );
}
else
{
$error = "Email Doesn't Exist";
}
}
else
{
$error = "Wrong information";
}
}
?>
<!doctype html>
<html>
<head>
<title>Login Page</title>
<link rel="stylesheet" href="css/styles.css" />
</head>
<body>
<div id="error" style="<?php if ($error !=""){?> display:block;<?php }?>"><?php echo $error;?></div>
<div id="wrapper">
<div id="menu">
<a href="Registration.php">Sign Up</a>
<a href="Login.php">Login</a>
</div>
<div id="formDiv">
<form method="POST" action="Login.php">
<label>Email:</label><br/>
<input type="text" name="email" class="inputFields" required /><br/><br/>
<label>Password:</label><br/>
<input type="password" name="password" class="inputFields" required /><br/><br/>
<input type="checkbox" name="keep" />
<label>Keep me logged in</label><br/><br/>
<input type="submit" name="login" class="theButtons" value="Login!" />
</form>
</div>
</div>
</body>
</html>
來賓.php
<?php
require_once('db.php');
class guest
{
function email_exist($email,$con)
{
$result = mysqli_query($con,"SELECT * FROM `users` WHERE `email` = '$email'");
if(mysqli_num_rows($result) == 1)
{
return true;
}
else
{
return false;
}
}
}
問題出在下面的行中:
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
或email_exist()
函數
它讓我登錄,即使密碼錯誤。
您使用了if()
語句。 您只是聲明了變量$chpassword
,從而調用了 SQL 查詢。 這成功了,所以條件為真。 它並沒有真正檢查它是否與數據庫中的密碼相同。
你會想要這樣的東西:
$query = mysql_query("select * from login where password='$password'
AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
...
}
根據手冊頁,即使沒有行,mysqli_query 也會返回結果,您需要執行以下操作:
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
if($chpassword->num_rows > 0) {
/* do your login stuff */
} else {
/* do not logged in stuff */
}
另外作為旁注,我不會以純文本形式存儲密碼,我會使用hash_pbkdf2 之類的東西以加密方式存儲密碼。
創建一個類來為您處理。 你寫的代碼太多了。
class users
{
private $mysqli;
public function __construct()
{
$this->mysqli = new mysqli('localhost', 'root', '', 'yourDatabase');
$this->mysqli->set_charset("utf8");
}
public function isLoginValid($email, $password)
{
$query = $this->mysqli->prepare("SELECT email
FROM users
WHERE email = ? AND password = ?");
$query->bind_param("ss", $email, $password);
$query->execute();
$query->store_result();
return ($query->num_rows >= 1 ? TRUE : FALSE);
}
}
現在您唯一需要做的就是調用類和函數。 如果(我希望如此)您使用文件來分隔類,請執行以下操作:
require_once('users.php');
$user = new users();
if($user->isLoginValid('stack@stackoverflow.com', '123456') == FALSE)
{
echo 'Hold on, there was a problem..';
return;
}
/*
* 1. Set the session
* 2. Set the cookie
* 3. Redirect the user
*/
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.