PHP中的表单验证问题
我目前有一个登录页面,其中包含下面要登录的PHP代码。登录工作正常,但是如果我输入了错误的密码,或者即使我没有填写用户名或密码字段,它也会输出错误PHP中的表单验证问题,php,mysql,sql,Php,Mysql,Sql,我目前有一个登录页面,其中包含下面要登录的PHP代码。登录工作正常,但是如果我输入了错误的密码,或者即使我没有填写用户名或密码字段,它也会输出错误帐户未确认。请与支持部门联系。我真的不明白这是什么原因 if(isset($_POST['doLogin'])){ $username = $_POST['login-username']; $password = $_POST['login-password']; if(empty($usernam
帐户未确认。请与支持部门联系。
我真的不明白这是什么原因
if(isset($_POST['doLogin'])){
$username = $_POST['login-username'];
$password = $_POST['login-password'];
if(empty($username) || empty($password)){
$error = error("Please enter all fields");
}
/// Main Checks Against the Inputs
$SQLCheckLoginn = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username");
$SQLCheckLoginn -> execute(array(':username' => $username));
$countLoginn = $SQLCheckLoginn -> fetchColumn(0);
if ($countLoginn < 1){
$SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')");
$SQL -> execute(array(':username' => $username." - does not exist",':ip' => $ip));
$error = error("The username does not exist in our system.");
}
$SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
$SQLCheckLogin -> execute(array(':username' => $username, ':password' => SHA1($password)));
$countLogin = $SQLCheckLogin -> fetchColumn(0);
if (!($countLogin == 1)){
$SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')");
$SQL -> execute(array(':username' => $username." - failed login",':ip' => $ip));
$error = error('The password you entered is invalid.');
}
$SQL = $odb -> prepare("SELECT `status` FROM `users` WHERE `username` = :username");
$SQL -> execute(array(':username' => $username));
$status = $SQL -> fetchColumn(0);
if ($status == 1){
$SQL = $odb -> prepare("SELECT `reason` FROM `bans` WHERE `username` = :username");
$SQL -> execute(array(':username' => $username));
$ban = $SQL -> fetchColumn(0);
if(empty($ban)){ $ban = "No reason given."; }
$error = error('You are banned. Reason: '.htmlspecialchars($ban));
}
$SQL = $odb -> prepare("SELECT `email_active` FROM `users` WHERE `username` = :username");
$SQL -> execute(array(':username' => $username));
$fetch = $SQL -> fetchColumn(0);
if ($fetch == "0"){
$error = error('Account not confirmed. Please contact support.');
}
// Check if 2auth enabled
if(empty($error)){
$SQL = $odb -> prepare("SELECT * FROM `users` WHERE `username` = :username"); $SQL -> execute(array(':username' => $username));
$userInfo = $SQL -> fetch();
$ipcountry = json_decode(file_get_contents("https://www.geoplugin.net/json.gp?ip=".$ip)) -> {'geoplugin_countryName'};
if (empty($ipcountry)) {$ipcountry = 'XX';}
$SQL = $odb -> prepare('INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), :ipcountry)');
$SQL -> execute(array(':ip' => $ip, ':username' => $username, ':ipcountry' => $ipcountry));
$_SESSION['username'] = $userInfo['username'];
$_SESSION['ID'] = $userInfo['ID'];
$_SESSION['email'] = $userInfo['email'];
setcookie("username", $userInfo['username'], time() + 720000);
header('Location: dashboard');
}
}
if(isset($\u POST['doLogin'])){
$username=$\u POST['login-username'];
$password=$\u POST['login-password'];
if(空($username)| |空($password)){
$error=错误(“请输入所有字段”);
}
///主要检查输入
$SQLCheckLoginn=$odb->prepare(“从`users`中选择COUNT(*),其中`username`=:username”);
$SQLCheckLoginn->execute(数组(':username'=>$username));
$countLoginn=$SQLCheckLoginn->fetchColumn(0);
如果($countLoginn<1){
$SQL=$odb->prepare(“插入`loginlogs`值(:username,:ip,UNIX_TIMESTAMP(),'XX')”;
$SQL->execute(数组(':username'=>$username.'-不存在,':ip'=>$ip));
$error=error(“我们的系统中不存在用户名”);
}
$SQLCheckLogin=$odb->prepare(“从'users'中选择COUNT(*),其中'username`=:username和'password`=:password”);
$SQLCheckLogin->execute(数组(':username'=>$username':password'=>SHA1($password));
$countLogin=$SQLCheckLogin->fetchColumn(0);
如果(!($countLogin==1)){
$SQL=$odb->prepare(“插入`loginlogs`值(:username,:ip,UNIX_TIMESTAMP(),'XX')”;
$SQL->execute(数组(':username'=>$username.-登录失败“,':ip'=>$ip));
$error=error('您输入的密码无效');
}
$SQL=$odb->prepare(“从`users`中选择`status`,其中`username`=:username”);
$SQL->execute(数组(':username'=>$username));
$status=$SQL->fetchColumn(0);
如果($status==1){
$SQL=$odb->prepare(“从`bans`中选择`reason`,其中`username`=:username”);
$SQL->execute(数组(':username'=>$username));
$ban=$SQL->fetchColumn(0);
if(空($ban)){$ban=“没有给出理由。”;}
$error=error('您被禁止。原因:'.htmlspecialchars($ban));
}
$SQL=$odb->prepare(“从`users`中选择`email\u active`,其中`username`=:username”);
$SQL->execute(数组(':username'=>$username));
$fetch=$SQL->fetchColumn(0);
如果($fetch==“0”){
$error=错误('帐户未确认。请与支持部门联系');
}
//检查2auth是否已启用
if(空($error)){
$SQL=$odb->prepare(“从`users`中选择*,其中`username`=:username”);$SQL->execute(数组(':username'=>$username));
$userInfo=$SQL->fetch();
$ipcountry=json\u解码(文件\u获取\u内容(“https://www.geoplugin.net/json.gp?ip=“$ip”)->{'geoplugin_countryName'};
if(空($ipcountry)){$ipcountry='XX';}
$SQL=$odb->prepare('loginlogs'值(:username,:ip,UNIX\u TIMESTAMP(),:ipcountry)中插入);
$SQL->execute(数组(':ip'=>$ip':username'=>$username':ipcountry'=>$ipcountry));
$\会话['username']=$userInfo['username'];
$\会话['ID']=$userInfo['ID'];
$\会话['email']=$userInfo['email'];
setcookie(“用户名”、$userInfo['username'],time()+720000);
标题(“位置:仪表板”);
}
}
如果发现错误,您不会中断,因此即使用户名不存在,您仍会检查密码等
现在,我们来看一下if($fetch==“0”)
——我假设$fetch
等同于false
。请注意,PHP没有类型。“0”也被解释为false
,因此如果($fetch==“0”)为true,则解释为
转换为布尔值时,以下值被视为FALSE:
布尔值本身是假的
整数0(零)
浮动0.0(零)
空字符串,和字符串“0”
零元素数组
特殊类型NULL(包括未设置的变量)
从空标记创建的SimpleXML对象
参考资料:当我将if($fetch==“0”)
更改为if($fetch==false)
时,我仍然无法确认帐户。请联系支持。
我是否需要返回false代码>在每个错误之后?我不确定……很明显,这并没有改变什么。我想告诉你“0”
与false
相同。您还可以执行类似于if($fetch==“0”&&count($errors==0))
我尝试使用die($error=error(“请输入所有字段”))
现在可以在空白页面上显示消息,而不是在同一页面上。是的,die不是一个好主意,因为它会阻止页面的其余部分生成。你可能会得到一个完成了一半的页面。而是使用返回、中断或计数错误数组中的元素。尝试使用return代码>和中断代码>在每个错误消息之后,只需获得一个空白页。