Php 登录和密码验证
对于未注册的电子邮件,我希望提示用户“登录失败:电子邮件未注册”。对于错误的密码,“登录失败:请输入正确的电子邮件/密码组合” 但是,对于这两个错误,我倾向于看到“登录失败:请输入正确的电子邮件/密码组合” 这是我的密码:Php 登录和密码验证,php,html,mysqli,Php,Html,Mysqli,对于未注册的电子邮件,我希望提示用户“登录失败:电子邮件未注册”。对于错误的密码,“登录失败:请输入正确的电子邮件/密码组合” 但是,对于这两个错误,我倾向于看到“登录失败:请输入正确的电子邮件/密码组合” 这是我的密码: <?php if(isset($_POST['Login'])){ $Email = $_POST['Email']; $PW = $_POST['Password']; $result = $con->
<?php
if(isset($_POST['Login'])){
$Email = $_POST['Email'];
$PW = $_POST['Password'];
$result = $con->query("select * from user where Email='$Email'");
$row = $result->fetch_array(MYSQLI_BOTH);
if(password_verify($PW, $row['Password'])){
session_start();
$_SESSION["UserID"] = $row['UserID'];
$_SESSION["FName"] = $row['Fname'];
$_SESSION["LName"] = $row['Lname'];
$_SESSION["City"] = $row['City'];
$_SESSION["Country"] = $row['Country'];
$_SESSION["Timer"] = $row['Timestamp'];
header('Location: Account.php');
}
elseif($result === false)
{
$msg = "Login Failed : Email Not Registered.";
}
else
{
$msg = "Login Failed : Please Enter The Right Email/Password Combination.";
}
}
?>
<div class="form-group">
<?php
if(isset($msg) & !empty($msg)){
echo "<span style='color: red;'>$msg</span>";
}
?>
试试这个:
$result = $con->query("select * from user where Email='$Email'");
if($result->num_rows>0){
$row = $result->fetch_array(MYSQLI_BOTH);
if(password_verify($PW,$row["password"])){
//blah blah blah
}
else
{
$msg = "Login Failed : Please Enter The Right Email/Password Combination.";
}
}
else
{
$msg="Login Failed : Email Not Registered.";
}
<?php
session_start();
if (isset($_POST['Login'])) {
$Email = $_POST['Email'];
$PW = $_POST['Password'];
$result = $con->query("select * from user where Email='$Email'");
$row = $result->fetch_array(MYSQLI_BOTH);
if (!empty($row)) { // User found
if (password_verify($PW, $row['Password'])) { // Password correct
$_SESSION["UserID"] = $row['UserID'];
$_SESSION["FName"] = $row['Fname'];
$_SESSION["LName"] = $row['Lname'];
$_SESSION["City"] = $row['City'];
$_SESSION["Country"] = $row['Country'];
$_SESSION["Timer"] = $row['Timestamp'];
} else { // Password not correct
$msg = "Login Failed : Please Enter The Right Email/Password Combination.";
}
} else { // User not found
$msg = "Login Failed : Email Not Registered.";
}
}
<div class="form-group">
<?php
if(isset($msg) & !empty($msg)){
echo "<span style='color: red;'>$msg</span>";
}
?>
试试这个:
$result = $con->query("select * from user where Email='$Email'");
if($result->num_rows>0){
$row = $result->fetch_array(MYSQLI_BOTH);
if(password_verify($PW,$row["password"])){
//blah blah blah
}
else
{
$msg = "Login Failed : Please Enter The Right Email/Password Combination.";
}
}
else
{
$msg="Login Failed : Email Not Registered.";
}
<?php
session_start();
if (isset($_POST['Login'])) {
$Email = $_POST['Email'];
$PW = $_POST['Password'];
$result = $con->query("select * from user where Email='$Email'");
$row = $result->fetch_array(MYSQLI_BOTH);
if (!empty($row)) { // User found
if (password_verify($PW, $row['Password'])) { // Password correct
$_SESSION["UserID"] = $row['UserID'];
$_SESSION["FName"] = $row['Fname'];
$_SESSION["LName"] = $row['Lname'];
$_SESSION["City"] = $row['City'];
$_SESSION["Country"] = $row['Country'];
$_SESSION["Timer"] = $row['Timestamp'];
} else { // Password not correct
$msg = "Login Failed : Please Enter The Right Email/Password Combination.";
}
} else { // User not found
$msg = "Login Failed : Email Not Registered.";
}
}
<div class="form-group">
<?php
if(isset($msg) & !empty($msg)){
echo "<span style='color: red;'>$msg</span>";
}
?>
您正在尝试使用$result
,它将始终返回False或TRUE。检查本手册
这是代码。希望它对你有用
<?php
if(isset($_POST['Login'])){
$Email = $_POST['Email'];
$PW = $_POST['Password'];
$result = $con->query("select * from user where Email='$Email'"); //// this will always returns false or ture on faliure or success which is not your need
$result_rows =$result->num_rows; // this will tell you if there in your database e-mail exits or not
$row = $result->fetch_array(MYSQLI_BOTH);
if(password_verify($PW, $row['Password'])){
session_start();
$_SESSION["UserID"] = $row['UserID'];
$_SESSION["FName"] = $row['Fname'];
$_SESSION["LName"] = $row['Lname'];
$_SESSION["City"] = $row['City'];
$_SESSION["Country"] = $row['Country'];
$_SESSION["Timer"] = $row['Timestamp'];
header('Location: Account.php');
}
elseif($result_rows === 0) //// no e-mail found !
{
$msg = "Login Failed : Email Not Registered.";
}
else //// email found and other operation what you want you can also use ///// elseif($result_rows > 0) ////
{
$msg = "Login Failed : Please Enter The Right Email/Password Combination.";
}
} ?>
在条件中使用空($row)
而不是$result==false
if(isset($_POST['Login']))
{
$Email = $_POST['Email'];
$PW = $_POST['Password'];
$result = $con->query("select * from user where Email='$Email'");
$row = $result->fetch_array(MYSQLI_BOTH);
if(password_verify($PW, $row['Password']))
{
session_start();
$_SESSION["UserID"] = $row['UserID'];
$_SESSION["FName"] = $row['Fname'];
$_SESSION["LName"] = $row['Lname'];
$_SESSION["City"] = $row['City'];
$_SESSION["Country"] = $row['Country'];
$_SESSION["Timer"] = $row['Timestamp'];
header('Location: Account.php');
}
elseif(empty($row))
{
$msg = "Login Failed : Email Not Registered.";
}
else
{
$msg = "Login Failed : Please Enter The Right Email/Password Combination.";
}
}
elseif(empty($row))
{
$msg = "Login Failed : Email Not Registered.";
}
}
会话\u开始必须在您页面的最开始。我尝试了它,但仍然没有任何区别。我只希望在验证电子邮件和密码后启动会话。这并不是为了解决您的问题。这是使会话正常工作所必需的。在文件开始时启动它,您将省去一些麻烦;)。谢谢您的解决方案有效,但这里的主要错误是什么?请忘记一切,然后返回您的代码。您的else-if条件正在检查“false”,并且如果if语句都不满足,也就是说,结果为“false”,那么也会执行else条件。因此,您的else-if和else-if都是相同的,并且总是执行else-if。现在在我的代码中,我首先检查电子邮件是否存在(明显的结果数将为1,大于0),并且只有电子邮件存在时,我们才执行密码验证。但是,我想再次警告您,您的代码易受SQL注入攻击。我现在明白了。然而,我无法找出是什么使其易受攻击,因为我确实在该代码上方有一个Require connection“”代码。想象一下,我用电子邮件1'或1=1或'1
发送了一个post请求(黑客不必等待js中的验证),因此在这种情况下,$result变为true,您处于:(但我不确定您的密码验证功能是否有漏洞。