我正在尝试创建一个登录表单,但是用户名和密码验证无法正常工作。$AccountValidation总是返回0,我很肯定我输入了正确的密码和用户名。首先,用户必须注册更多的变量(即名),然后他们才能转到login.html页面,然后转到下面的文件login.php。
我拥有var_dumped所有变量,并且一切顺利。
$Username = strip_tags($_POST['Username']);
$Password = md5(strip_tags($_POST['Password']));
if(empty($Username) || empty($Password)) die('Vul alle waarden in op <a href="login.php">het formulier</a>.');
$db = new mysqli($host, $user, $pass, 'accounts', 3306);
$sql = "SELECT Username, Password FROM users where Username = '$Username' AND Password = '" . $Password . '\'';
$results = $db->query($sql);
$AccountValidation = $results->num_rows;
if($AccountValidation == 1)
{
$_SESSION['login'] = 'yes';
header('location: xxxxx');
} else{
echo'Your account does not exist or you have not filled in the required information.<br> Retry <a href="Login.html">here</a> or create a new account <a href="GetInfo.html">here</a>';
}
?>
var_dump $结果
object(mysqli_result)#2 (5) { ["current_field"]=> int(0) ["field_count"]=> int(2) ["lengths"]=> NULL ["num_rows"]=> int(0) ["type"]=> int(0) }
var_dump $ AccountValidation
int(0)
编辑:
找到了解决方案。MD5有32个字符,我只允许20个密码才能上载到MySQL。有时候这可能是愚蠢的...
注意:此答案是使用MD5(目前使用)的替代方法。
我和OP都非常了解所涉及的风险。
“我是故意这样做的。我希望能够看到代码可以改进的地方,并继续进行改进。因为那是我将要接受培训的地方。该项目永远不会上线,这只是我想学习的东西。不过,我也很开放建议。”
(已测试)
用户名和密码创建脚本:
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
$username = "user";
$password = "12345";
$md5_pass = md5($password);
$result = mysqli_query($mysqli,"INSERT INTO users (username, password) VALUES ('$username', '$md5_pass') ") or die(mysqli_error());
if($result){
echo "Success";
}
else{
echo "Sorry";
}
?>
登录脚本:(SQL / HTML作为单个文件)
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
if(isset($_POST['submit'])){
// Grab User submitted information
$name = mysqli_real_escape_string($mysqli,$_POST["users_name"]);
$pass = mysqli_real_escape_string($mysqli,md5($_POST["users_pass"]));
$result = mysqli_query($mysqli,"SELECT username, password FROM users WHERE username = '$name' AND password='$pass'");
$row = mysqli_fetch_array($result);
if($row["username"]==$name && $row["password"]==$pass){
echo"You are a validated user.";
}
else{
echo"Sorry, your credentials are not valid, Please try again.";
}
} // if(isset($_POST['submit'])){
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
</head>
<body>
<form method="post" action="">
<table border="1" >
<tr>
<td><label for="users_name">Username</label></td>
<td><input type="text"
name="users_name" id="users_name"></td>
</tr>
<tr>
<td><label for="users_pass">Password</label></td>
<td><input name="users_pass" type="password" id="users_pass"></input></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit"/>
<td><input type="reset" value="Reset"/>
</tr>
</table>
</form>
</body>
</html>
免责声明:
最好将mysqli_*函数与已准备好的语句或PDO结合使用,以及将crypt()PHP 5.5或PHP 5.5的password_hash()函数用于密码存储。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句