Can't log in using OOP PHP (prepared statements)
Recently I have been trying to create a login system using OOP PHP and prepared statements. When I click the login button after entering the correct username and password, it still reports that I entered the wrong username and password. Here is my code. Any help would be appreciated. Thanks.
login.php
<?php
require_once 'templates/header.php';
?>
<link rel="stylesheet" type="text/css" href="styles/login-style.css">
<script type="text/javascript" src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script type="text/javascript">
    $(document).ready(function(){
        $('#login').click(function(event){
            event.preventDefault();
            var username = $('#usernameID').val();
            var password = $('#passwordID').val();
            $.post("validation/validation_login.php",{
                user_val : username,
                password_val : password,
            },function(data){
                $('.error-message').html(data);
            });
        });
    });
</script>
<title>Login</title>
<form>
    <h1>Login</h1>
    <input type="text" id="usernameID" name="username" placeholder="Username" autocomplete="off"> <br>
    <input type="password" id="passwordID" name="password" placeholder="Password" autocomplete="off"> <br>
    <input type="button" id="login" name="register-button" value="Login">
</form>
<div class="error-message">
</div>
<?php
require_once 'templates/footer.php';
?>
validation_login.php
<?php
require_once '../classes/input.php';
require_once '../classes/session.php';
require_once '../classes/database.php';
class validation_login{
    private $username,$password;
    public $errorMessage;
    public function validate_login(){
        $db = new database();
        $this->username = input::get('user_val');
        $this->password = input::get('password_val');
        if(empty($this->username) || empty($this->password)){
            $this->errorMessage = "Please fill all the fields!";
            return false;
        }else if(!$db->login()){
            $this->errorMessage = "Invalid username or password!";
            return false;
        }else{
            session::set('username',$this->username);
            header('Location: index.php');
            return true;
        }
    }
}
$validate_login = new validation_login();
$validate_login->validate_login();
echo "$validate_login->errorMessage";
?>
database.php
<?php
class database{
    //db_initialization
    private $HOST = 'localhost',
            $USERNAME = 'root',
            $PASSWORD = '',
            $DBNAME = 'auth',
            $connect;
    //db_insert
    private $usernameInput,
            $firstnameInput,
            $lastnameInput,
            $passwordInput,
            $hashedPassword;
    public function __construct(){
        $this->connect = new mysqli($this->HOST,$this->USERNAME,
            $this->PASSWORD,$this->DBNAME) or die('connection error');
    }
    public function insert_data(){
        $sql = "INSERT INTO users
            (username,first_name,last_name,password) VALUES (?,?,?,?)";
        if($statement = $this->connect->prepare($sql)){
            $this->usernameInput = input::get('user_val');
            $this->firstnameInput = input::get('first_name_val');
            $this->lastnameInput = input::get('last_name_val');
            $this->passwordInput = input::get('password_val');
            $this->hashedPassword = password_hash($this->passwordInput,
                PASSWORD_DEFAULT);
            $statement->bind_param("ssss",$this->usernameInput,
                $this->firstnameInput,$this->lastnameInput,
                $this->hashedPassword);
            $statement->execute();
        }
    }
    public function validate_same_username(){
        $sql_same_username = "SELECT username FROM users WHERE
            username = ?";
        if($statement_same_username =
            $this->connect->prepare($sql_same_username)){
            $this->usernameInput = input::get('user_val');
            $statement_same_username->bind_param("s",
                $this->usernameInput);
            $statement_same_username->execute();
            $result = $statement_same_username->get_result();
            $num_rows = $result->num_rows;
            if($num_rows > 0){
                return false;
            }else{
                return true;
            }
        }
    }
    public function login(){
        $sql_login = "SELECT username , password FROM users WHERE
            username = ?";
        if($statement_login = $this->connect->prepare($sql_login)){
            $this->usernameInput = input::get('user_val');
            $this->passwordInput = input::get('password_val');
            $statement_login->bind_param("s",
                $this->usernameInput);
            $statement_login->execute();
            //get hashed password from database
            $statement_login->bind_result($username,$password);
            if(password_verify($this->passwordInput,$password)){
                return true;
            }else{
                return false;
            }
        }
    }
}
?>
session.php
<?php
class session{
    public static function set($name,$value){
        // Store the value under the given session key
        return $_SESSION[$name] = $value;
    }
    public static function get($name){
        return $_SESSION[$name];
    }
    public static function exists($name){
        if(isset($_SESSION[$name])){
            return true;
        }else{
            return false;
        }
    }
}
?>
input.php
<?php
class input{
    public static function get($name){
        if(isset($_POST[$name])){
            return $_POST[$name];
        }else if(isset($_GET[$name])){
            return $_GET[$name];
        }else{
            return false;
        }
    }
}
?>
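It looks like you are adding user_val to the password field in validation_login.php:
$this->password = input::get('user_val');
According to your code, it should be:
$this->password = input::get('password_val');
I would start by changing this line.
Edit to my initial answer:
You also can't use password_hash() (see the return values section) to check whether the passwords are equal; you need to use password_verify() to check whether the passwords are equal in the login function.
Change the query to get the hashed password from the database, then compare it with the password the user entered, using password_verify:
$sql_login = "SELECT username , password FROM users WHERE
    username = ? ";
if(password_verify($this->passwordInput,$hashedPasswordFromDB)){
    return true;
}else{
    return false;
}
Also check that the password column in the database is long enough to store the entire password length, and make sure your usernames are unique.

You are using a hashed password when registering but not when logging in; it will never authenticate successfully.

@AmmoPT I have tried that, but it doesn't make a difference.

Please update the code in your question with the new code you are using: 1) hashing the password on authentication, 2) using password_val instead of user_val in validation_login.php, as per Ron's answer.

@AmmoPT Code updated, but it still doesn't work.

Can you access database.php?user_val=user&password_val=password (replace user and password with valid, existing data), and in login() can you var_dump($this->usernameInput) and var_dump($this->hashedPassword), after they are defined?

It doesn't show any errors, but it still doesn't validate correctly when I try to log in. I entered the correct username and password, but it still reports that I entered the wrong username or password.

I would check whether the inputs are what you expect in login(): echo $this->usernameInput = input::get('user_val'); echo $this->passwordInput = input::get('password_val') and echo $this->hashedPassword

I have checked, and the inputs are what I expect. However, it doesn't seem to work if I hash the password. Do you know how to log in to the system correctly using hashed passwords?

I have updated the login() function of database.php, please check. Using the bind_param function you can get multiple columns in the same query: $sql_login = "SELECT username , password FROM users WHERE username = ?" and $statement_login->bind_param("ss", $hashedPasswordFromDB), then use $hashedPasswordFromDB to verify the password.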
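
The login check discussed in this thread, as an added example that is not code from the question or its answers: it shows a mysqli prepared statement whose bound result variable is actually populated with fetch() before password_verify() runs, and a session write after success. The function name verify_login(), the connection credentials and the 'ok' response are assumptions; the table, column and POST field names are the ones used in the question.

```php
<?php
declare(strict_types=1);

// Added example, not code from the question or its answers.
// Assumptions: the question's `users` table, with `password` holding
// password_hash() output in a column wide enough for it (VARCHAR(255));
// verify_login() and the connection credentials are illustrative.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // surface DB errors as exceptions

function verify_login(mysqli $db, string $username, string $plainPassword): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();

    // bind_result() only ties $storedHash to the result column. The variable
    // stays null until fetch() copies a row into it, so verifying before
    // fetch() can never succeed.
    $stmt->bind_result($storedHash);
    $found = ($stmt->fetch() === true);   // true: row loaded, null: no such user
    $stmt->close();

    if (!$found || !password_verify($plainPassword, $storedHash)) {
        return false;
    }

    // Upgrade the stored hash when PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $newHash = password_hash($plainPassword, PASSWORD_DEFAULT);
        $update = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
        $update->bind_param('ss', $newHash, $username);
        $update->execute();
        $update->close();
    }
    return true;
}

session_start();

// Read credentials from the POST body only, so they never travel in a URL.
$username = $_POST['user_val'] ?? '';
$password = $_POST['password_val'] ?? '';

if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    echo 'Please fill all the fields!';
    exit;
}

$db = new mysqli('localhost', 'app_user', 'example-password', 'auth'); // placeholder credentials

if (verify_login($db, $username, $password)) {
    session_regenerate_id(true);          // fresh session id once authenticated
    $_SESSION['username'] = $username;    // key on the left, value on the right
    echo 'ok';                            // the AJAX caller decides where to navigate
} else {
    echo 'Invalid username or password!'; // same message for unknown user and bad password
}
```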