Php 登录系统密码和用户名
我为我的signin.php文件编写了php代码,我的查询用于我的用户名,但当我输入password变量时,它什么都不做。我希望用户输入用户名和密码,因为他们要进入受限页面所需输入的只是用户名和密码。它检查用户名是否在数据库表中,如果在,则转到受限页面。我发布了一个这样的问题,我得到了很好的答案,但我不知道把信息放在哪里,这是我的流程。php:Php 登录系统密码和用户名,php,mysql,wamp,Php,Mysql,Wamp,我为我的signin.php文件编写了php代码,我的查询用于我的用户名,但当我输入password变量时,它什么都不做。我希望用户输入用户名和密码,因为他们要进入受限页面所需输入的只是用户名和密码。它检查用户名是否在数据库表中,如果在,则转到受限页面。我发布了一个这样的问题,我得到了很好的答案,但我不知道把信息放在哪里,这是我的流程。php: <?php include("db.php"); $username = $_POST['username']; $pw = $_POST['S
<?php
include("db.php");
$username = $_POST['username'];
$pw = $_POST['StorePassword'];
if ( isset( $_POST['login'] ) ) {
$query = mysqli_query($conn, "SELECT * FROM users WHERE username='".$username."' StorePassword='".$pw."' ");
$StorePassword = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 8));
if ( mysqli_num_rows($query) > 0 ) {
while ( $row = mysqli_fetch_assoc( $query ) ) {
if ( $row['StorePassword'] == $pw ) {
header("Location: home.php");
} else {
echo "Wrong password";
}
}
} else {
echo "User not found <br />";
}
if(empty($pw)){
echo"Please enter your password.";
} else{
}
}
?>
<html>
<body>
<a href="signin.php">Please try again</a>
</body>
</html>
首先,您应该使用
步骤1:要检查用户名和密码是否已输入:
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('You must enter a username and password!');
}
步骤2:根据数据库检查用户名:
if ($stmt = $conn->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
步骤3:检查密码是否匹配:
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
全部加在一起:
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
首先,为了安全起见,请查看关于准备好的语句的php指南
步骤1:要检查用户名和密码是否已输入:
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('You must enter a username and password!');
}
步骤2:根据数据库检查用户名:
if ($stmt = $conn->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
步骤3:检查密码是否匹配:
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
全部加在一起:
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
首先,为了安全起见,请查看关于准备好的语句的php指南
步骤1:要检查用户名和密码是否已输入:
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('You must enter a username and password!');
}
步骤2:根据数据库检查用户名:
if ($stmt = $conn->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
步骤3:检查密码是否匹配:
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
全部加在一起:
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
首先,为了安全起见,请查看关于准备好的语句的php指南
步骤1:要检查用户名和密码是否已输入:
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('You must enter a username and password!');
}
步骤2:根据数据库检查用户名:
if ($stmt = $conn->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
步骤3:检查密码是否匹配:
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
全部加在一起:
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'User doesnt exist';
}
$stmt->close();
<?php
session_start();
include("db.php");
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password not set');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$username = $_POST['username'];
$username = strtolower($username);
$stmt->bind_param('s', $username);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header("Location: home.php");
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
查看关于准备好的语句的php指南前面的问题发生了什么?为什么不更新上一个问题?因为我不知道把代码放在哪里。第二个答案是,我移动了我的代码,并把代码放进去,但那没有用。你们知道我能做些什么吗?杜凯,那个答案并没有真正意义,所以我想我们会重做这个问题。什么是$StorePassword=password\u散列($pw,password\u BCRYPT,数组('cost'=>8))代码>似乎没有在任何地方使用。。您可以接受SQL注入。你能比什么都不做
更具体一点吗?它是否加载了一个空白页,比如说请重试
,错误的密码
,错误的用户名
,其他?这就是密码在我的注册文件中是如何散列的。数据库中的密码是散列的吗?因为我看到你把它和从表格中得到的比较,而不是你散列出来的,上一个问题发生了什么?为什么不更新上一个问题?因为我不知道把代码放在哪里。第二个答案是,我移动了我的代码,并把代码放进去,但那没有用。你们知道我能做些什么吗?杜凯,那个答案并没有真正意义,所以我想我们会重做这个问题。什么是$StorePassword=password\u散列($pw,password\u BCRYPT,数组('cost'=>8))代码>似乎没有在任何地方使用。。您可以接受SQL注入。你能比什么都不做
更具体一点吗?它是否加载了一个空白页,比如说请重试
,错误的密码
,错误的用户名
,其他?这就是密码在我的注册文件中是如何散列的。数据库中的密码是散列的吗?因为我看到你把它和从表格中得到的比较,而不是你散列出来的,上一个问题发生了什么?为什么不更新上一个问题?因为我不知道把代码放在哪里。第二个答案是,我移动了我的代码,并把代码放进去,但那没有用。你们知道我能做些什么吗?杜凯,那个答案并没有真正意义,所以我想我们会重做这个问题。什么是$StorePassword=password\u散列($pw,password\u BCRYPT,数组('cost'=>8))代码>似乎没有在任何地方使用。。您可以接受SQL注入。你能比什么都不做
更具体一点吗?它是否加载了一个空白页,比如说请重试
,错误的密码
,错误的用户名
,其他?这就是密码在我的注册文件中是如何散列的。数据库中的密码是散列的吗?因为我看到你把它和从表格中得到的比较,而不是你散列出来的,上一个问题发生了什么?为什么不更新上一个问题?因为我不知道把代码放在哪里。第二个答案是,我移动了我的代码,并把代码放进去,但那没有用。你们知道我能做些什么吗?杜凯,那个答案并没有真正意义,所以我想我们会重做这个问题。什么是$StorePassword=password\u散列($pw,password\u BCRYPT,数组('cost'=>8))代码>似乎没有在任何地方使用。。您可以接受SQL注入。你能比什么都不做
更具体一点吗?它是否加载了一个空白页,比如说请重试
,错误的密码
,错误的用户名
,其他?这就是密码在我的注册文件中是如何散列的。数据库中的密码是散列的吗?因为我看到您将它与从表单中获得的代码进行比较,而不是您散列的代码。请查看我引用的文章,测试您的代码。您收到了什么错误消息?@jasonmith(!)注意:未定义索引:C:\wamp\www\interface\process.php中的StorePassword在第5行您必须输入用户名和密码!好的,记住您的post变量是'StorePassword'
Yea。他写的所有东西我都写进了我的代码里,但它不起作用。现在有什么错误?你需要测试你的代码,调试它。努力克服错误,