PHP: redirecting the user on correct/incorrect login
I have been working on this for a while and just can't figure out what I am doing wrong. Scenario: I am developing a PHP application in which the user enters his login credentials and, after successful validation, is redirected to his home page. Code flow:
index.php -> login_handler.php -> user_home.php
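But I am unable to redirect the user to the home page on a successful login, and to the login page on an incorrect login. I have posted the relevant parts of the code below.
index.php:
User Id:
Password:
Want to register?
login_handler.php:
DatabaseOperations.php:
Edit:
The MySQL server is up and running, and the query seems fine. sandeep and 123 are what was entered on the login page.
Any help would be appreciated.
I believe the problem is in your database query. Avoid the mysql extension at all times; it is not recommended for modern PHP. You may also want to encrypt passwords in a production environment and sanitize the data further.
This is a prototype that you should run with stub data until it returns the correct results. After that you can wire the dummy data up to the form submission.
Updated to a complete single-page, self-submitting script that redirects to user_home.php on success. Just edit the form action to match the script file name.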
<?php
class MySql
{
    private $sDbName = 'play';
    private $sUsername = 'root';
    private $sPassword = '';
    private $sHost = 'localhost';
    private $oConnection = null;

    public function __construct()
    {
        $this->oConnection = new PDO(
            'mysql:host='
            . $this->sHost
            . ';dbname='
            . $this->sDbName,
            $this->sUsername,
            $this->sPassword
        );
    }

    public function getDb()
    {
        return $this->oConnection;
    }

    public function bindVariables( &$oStmp, $aBinds )
    {
        foreach( $aBinds as $sVariable => $vValue )
        {
            // Ensure we have a colon prepended for PDO.
            if( substr( $sVariable, 0, 1 ) !== ':' )
            {
                $sVariable = ':' . $sVariable;
            }
            $oStmp->bindValue( $sVariable, $vValue );
        }
    }
}

session_start();
// Both fields must be present; the check and the bind now use 'password'
// where 'username' had been repeated.
if( !empty( $_POST[ 'username' ] ) && !empty( $_POST[ 'password' ] ) )
{
    $oMySql = new MySql;
    $oDb = $oMySql->getDb();
    // One query is enough: SELECT count( 1 ) always returns a row, so testing
    // its result for emptiness would accept every login.
    // Prototype only: this still compares the password column as stored.
    $sSql = "SELECT username FROM user_master where username = :username and password = :password LIMIT 1";
    $aBinds = array();
    $aBinds[ 'username' ] = $_POST[ 'username' ];
    $aBinds[ 'password' ] = $_POST[ 'password' ];
    $oStmp = $oDb->prepare( $sSql );
    $oMySql->bindVariables( $oStmp, $aBinds );
    $oStmp->execute();
    $oUser = $oStmp->fetch();
    if( $oUser !== false )
    {
        // User record exists.
        $_SESSION[ 'username' ] = $oUser[ 0 ];
        header( 'Location: user_home.php?status=good&session_id=' . urlencode( $oUser[ 0 ] ) );
    }
    else
    {
        // User record does not exist.
        header( 'Location: index.php?status=' . urlencode( 'Login Failed !' ) );
    }
    // Stop here: no output may follow a redirect header.
    exit;
}
?>
<div id="LoginFormWrapper">
<div class="login-block">
<h3 align="left">
<span style="font-family: 'Verdana'; color: white; font-weight: bold;font-size: 12px;margin-left: 10px;">
<?php
$queryString = http_build_query($_GET, '', '|');
echo $queryString;
if ($queryString == "status=Session+expired.Please+login%21") {
echo("Session expired.Please login!");
}
if ($queryString == "status=Login+Failed+%21") {
echo("Login failed !");
}
if ($queryString == "status=Registration+Succesful.") {
echo("Congrats ! Login to explore...");
}
?>
</span>
</h3>
<br/>
<form name="UserLogin" action="66.php" method="POST" class="loginform">
<p align="left"><label for="username">User Id :</label><input type="text" name="username" id="user_id" align="right"/></p>
<p align="left"><label for="password">Password :</label><input type="password" name="password" id="password" align="right" /></p>
<p align="left"><input type="submit" id="submit" value="Login"/>
<b>
<span style="font-family: 'Palatino Linotype', fantasy; color: white; font-size:14px;">Want to register ?</span>
</b>
<a href="Registration.php">
<img id="signupbutton" src="images/signup-button.png" alt="signup" width="76" height="41" longdesc="signup-button.png" />
</a>
</p>
</form>
</div>
</div>
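I think the problem is in the getConnectionLink() function.
mysql_connect only returns a true or false boolean value. It returns true on success and false on failure.
It is returning resource id #25; do this inside the function:
$con = mysql_connect('localhost', 'root', 'password');
if(!$con) {die("could not connect ".mysql_error());}
return $con;
where the value of $con is true or false.
Go to this link for information about the function's deprecation, usage and return values.
The problem is that you are calling getConnectionLink() in validateLogin() and then calling the getDB() function again. The resource returned by getConnectionLink() is different in these two functions. You need to pass the same resource returned by getConnectionLink() to the getDB() function.
See the example for the same.
Thanks,
Anurag Sethi
Thanks Vladimir, point noted. I will hash my passwords and avoid the mysql extension, but I need to solve this problem first. :)
The query seems OK, I have edited my question.. please take a look.
Hope it helps, man.
Please google "Bobby Tables" right away. Then you may want to google "sql injection".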
<?php
function getConnectionLink() {
echo "Inside getConnectionLink()"."<br/>";
return mysql_connect('localhost', 'root', 'password'); // Returns a MySQL link identifier if the connection is successful or FALSE on failure.
}
function getDB() {
echo "Inside getDB()"."<br/>";
$link_host = getConnectionLink();
$con_status = mysql_select_db('cheque_management', $link_host); // Returns TRUE on success or FALSE on failure.
return $con_status;
}
function validateLogin($user_id, $password) {
echo "Inside validateLogin()"."<br/>";
$link_host = getConnectionLink();
echo "$link_host = ".$link_host; // Doesn't print anything.
$con_status = getDB();
$sql = "select * from `user_master` where `user_id` = '$user_id' and `password` = '$password'";
echo $sql; // Doesn't print anything.
$result = mysql_query($sql, $link_host);
if (!$result || mysql_num_rows($result) < 1) {
echo "Valid Login";// Invalid login
return FALSE;
} else {
echo "Valid Login"; // Valid login.
return TRUE;
}
}
?>
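The same login-then-redirect flow with the fixes the answers and comments point to (prepared statement, hashed password, redirect followed by exit), as an added example that is not the code of the question or of any answer. The loginRedirectTarget() name, the password_hash column and the in-memory SQLite database standing in for MySQL are assumptions made so that it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Returns the redirect target for one login attempt (hypothetical helper).
function loginRedirectTarget(PDO $db, string $username, string $password): string
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT username, password_hash FROM user_master WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash; the plaintext password is never stored or queried.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        // urlencode() yields "Login+Failed+%21", the form the login page compares against.
        return 'index.php?status=' . urlencode('Login Failed !');
    }

    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // fresh session id after login
        $_SESSION['username'] = $row['username'];
    }
    return 'user_home.php';            // identity lives in the session, not in the URL
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_master (username TEXT PRIMARY KEY, password_hash TEXT)');
$insert = $db->prepare('INSERT INTO user_master VALUES (:u, :h)');
$insert->execute([':u' => 'sandeep', ':h' => password_hash('123', PASSWORD_DEFAULT)]);

$attempts = [
    ['sandeep', '123'],                 // correct credentials
    ['sandeep', 'wrong'],               // wrong password
    ["sandeep' OR '1'='1", 'anything'], // quotes in the username are treated as data
];
foreach ($attempts as [$user, $pass]) {
    echo loginRedirectTarget($db, $user, $pass), PHP_EOL;
}

// In login_handler.php (web request), assuming session_start() ran first:
//   header('Location: ' . loginRedirectTarget($db, $_POST['username'], $_POST['password']));
//   exit;  // stop the script so nothing runs after the redirect
```

Only the first attempt resolves to user_home.php; the other two resolve to the index.php failure URL.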