登錄系統密碼和用戶名
[英]Login system password and username
問題描述
我為signin.php文件編寫了php代碼,查詢對我的用戶名有效,但是當我輸入password變量時,它什么也沒做。 我希望用戶輸入用戶名和密碼,因為他們只需要輸入用戶名和密碼即可進入受限頁面。 它檢查用戶名是否在數據庫表中,如果存在,它將進入受限頁面。 我發布了這樣的問題,我得到了很好的答案,但是我不知道將信息放在哪里,這是我的process.php:
<?php
include("db.php");
$username = $_POST['username'];
$pw = $_POST['StorePassword'];
if ( isset( $_POST['login'] ) ) {
$query = mysqli_query($conn, "SELECT * FROM users WHERE username='".$username."' StorePassword='".$pw."' ");
$StorePassword = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 8));
if ( mysqli_num_rows($query) > 0 ) {
while ( $row = mysqli_fetch_assoc( $query ) ) {
if ( $row['StorePassword'] == $pw ) {
header("Location: home.php");
} else {
echo "Wrong password";
}
}
} else {
echo "User not found <br />";
}
if(empty($pw)){
echo"Please enter your password.";
} else{
}
}
?>
<html>
<body>
<a href="signin.php">Please try again</a>
</body>
</html>
1 個解決方案
解決方案1
3
首先,您應該使用准備好的語句來保證安全性。
步驟1:您要檢查是否已輸入用戶名和密碼:
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('You must enter a username and password!');
}
步驟2:根據您的數據庫檢查用戶名:
if ($stmt = $conn->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
第3步:檢查密碼是否匹配(PHP手冊中的password_verify) :
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
全部一起:
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
查看有關准備好的語句的PHP指南http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
使用不同表中的用戶名和密碼登錄系統,如何選擇?
[英]Login system with username and password from different tables, how to select from?
登錄系統:$ _POST ['username']和$ _POST ['password']始終為空
[英]Login system: $_POST['username'] and $_POST['password'] are always empty
即使密碼或用戶名不正確,我的 PHP 登錄系統仍然在登錄
[英]My PHP login system still Logging in even if the password or username is incorrect
Codeigniter 與用戶名和密碼匹配時登錄系統錯誤
[英]Codeigniter Login System Error when match with username and password
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.