Php 登录脚本和stmt问题
我有麻烦的代码执行正确,但当我提交的字段中没有任何内容,我得到你没有填写所有必填字段的消息,但当我提交文本,然后我得到相同的消息,我不知道为什么 另外,我遇到了Php 登录脚本和stmt问题,php,login,registration,Php,Login,Registration,我有麻烦的代码执行正确,但当我提交的字段中没有任何内容,我得到你没有填写所有必填字段的消息,但当我提交文本,然后我得到相同的消息,我不知道为什么 另外,我遇到了stmt问题,我正在尝试使用stmt login.inc.php <?php $ud = ''; $error = ''; $email = ''; $password = ''; if (isset($_POST['login'])) { $email = $_POST['email']; $password
stmt
问题,我正在尝试使用stmt
login.inc.php
<?php
$ud = '';
$error = '';
$email = '';
$password = '';
if (isset($_POST['login'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
if (empty($email) || empty($password)) {
$error = 'You did not fill out all the required field\'s.';
} else {
$stmt = $conn->prepare("SELECT id, username, password, email FROM users WHERE email = ?");
$stmt->bind_param('s', $email);
if (!$stmt->execute()) {
$error = 'No account has the email: ' . $email . '.';
} else {
$ud = $stmt->get_result();
$stmt->bind_result($db_id_login, $db_username_login, $db_password_login, $db_email_login);
$stmt->store_result();
$password = md5($password);
if ($password == $db_password_login) {
// start users session
} else {
$error = 'The password is incorrect.';
}
}
$stmt->close();
}
}
?>
我已经看过了您的代码,主要问题是您的
if语句的一般逻辑以及您准备的语句顺序和编写代码的方式。这是一个完整的工作解决方案
我将密码更改为纯文本只是为了测试,但您应该使用比md5更好的哈希
没有理由使您的$username
和$password
在代码顶部为空
我建议您在输入字段中使用required=“required”
,并在输入字段中进行电子邮件验证
登录表单可以通过多种方式完成,我刚刚解决了关于您的代码的问题,但我建议您查看:以获取灵感
我已经把我的笔记放在了你入职的代码里
<?php
// db connection
$dbcon_servername = "localhost";
$dbcon_username = "root";
$dbcon_password = "";
$dbcon_database = "dummy";
$conn = new mysqli($dbcon_servername, $dbcon_username, $dbcon_password, $dbcon_database);
if ($conn->connect_error)
die("Connection failed: " . $conn->connect_error);
// login logic
$error = "";
if (isset($_POST['login']))
{
// you can put the input var directly inside mysql real escape
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
if (empty($email) || empty($password))
{
$error = "You did not fill out all the required field\'s.";
} else
{
//sql statement for its own, cleaner and easier for debugging
$sql = "SELECT `id`,`username`,`password` FROM `users` WHERE `email` = ?";
if ($stmt = $conn->prepare($sql))
{
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
//check if you get at least one results you have to ensure you
//do not have double email as account, one way to that
//making email as key in your database and make email check
//mechanism to check for double when registering users.
if ($stmt->num_rows == 1)
{
$stmt->bind_result($db_id, $db_username, $db_password);
$stmt->fetch();
if ($password == $db_password)
{
// successful login
echo "The email address: $email with username $db_username exist in the database" . "<br />";
echo "id=$db_id, username=$db_username, password=$db_password \n";
} else
{
$error = "The password is incorrect";
}
} else
{
$error = "No account has the email: $email";
}
}
$stmt->close();
}
}
$conn->close();
?>
<html>
<head><title>Login form</title>
<head>
<body>
<h3>Login form</h3>
<a href="index.php">Click here to main page or some thing else</a></br>
<form action="form.php" method="post">
Enter Email: <input type="text" name="email"/></br>
Enter Password: <input type="password" name="password"/></br>
<input type="submit" name="login" value="Register"/>
<?php echo $error ?>
</form>
</body>
</html>
登录表格
登录表格
输入电子邮件:
输入密码:
显然这意味着$\u POST['password']
或$\u POST['email']
都是空的……还有一个一般提示:使用md5哈希作为密码保护是不够的。虽然肯定比存储纯文本密码要好。但是md5散列几乎不提供任何保护来抵御字典或简单的暴力攻击。您应该使用salted散列算法。在互联网上有现成的库,我将用哈希表添加秘密的二级盐密匙,这可能是html语法错误。不是服务器端,我将使用错误消息进行测试。好吧,您只需将$\u POST
转储到某个日志文件中一次,就可以看到结果。或者您只需使用浏览器开发控制台来检查实际发送的内容。感谢代码的有效性,是的,我将其更改为更安全的哈希。感谢共享prepare and bind maytham