密码/登录的PHP IF语句未按计划执行
我正在使用McRyptPHP扩展构建一个简单的登录系统。我不确定这是否是最好的方法,但我的代码如下:密码/登录的PHP IF语句未按计划执行,php,if-statement,encryption,login,comparison,Php,If Statement,Encryption,Login,Comparison,我正在使用McRyptPHP扩展构建一个简单的登录系统。我不确定这是否是最好的方法,但我的代码如下: <?php session_start(); require_once('classes/Crypt.class.php'); date_default_timezone_set("America/New_York"); $_SESSION['loggedIn'] = false; $encryption = new Crypt(); if (!empty($_POST['loginN
<?php
session_start();
require_once('classes/Crypt.class.php');
date_default_timezone_set("America/New_York");
$_SESSION['loggedIn'] = false;
$encryption = new Crypt();
if (!empty($_POST['loginNow'])) {
$dateCompleted = date("Y-m-d");
$birthday = $_POST['birthdayYear'] . "-" . $_POST['birthdayMonth'] . "-" . $_POST['birthdayDay'];
//Connect to SQL
$dbhandle = new PDO("mysql:host=mysql.domain.com;dbname=database", "admin", "pass");
$dbhandle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//prepare data for select
$sql = "SELECT `email-address`,`password`,`iv` FROM `users` WHERE `email-address` = '" . $_POST['emailAddress'] . "';";
$stmt = $dbhandle->prepare($sql);
//Execute
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_BOTH);
if ($row['email-address']) {
$decryptPassword = $encryption->decrypt($row['password'],$row['iv']);
if ("123" == "123") {
$_SESSION['loggedIn'] = true;
header("Location: profile.php");
exit();
} else {
$_SESSION['loggedIn'] = false;
header("Location: login.php?error=incorrectLogin");
exit();
}
} else {
$newEncrypted = $encryption->encrypt($_POST['password']);
$newIV = substr($newEncrypted, 0, 32);
$newCryptPassword = substr($newEncrypted, 32);
//Put form results into an array
$data = array($_POST['firstName'],$_POST['lastName'],$_POST['emailAddress'],$newCryptPassword,$newIV,$birthday,$dateCompleted);
//prepare data for insert
$stmt2 = $dbhandle->prepare("INSERT INTO users (`first-name`,`last-name`,`email-address`,`password`,`iv`,`birthday`,`date-completed`)
values (?, ?, ?, ?, ?, ?, ?)");
//execute query
$stmt2->execute($data);
$_SESSION['loggedIn'] = true;
header("Location: profile.php");
exit();
}
}
?>
123
123
串
gettype($_POST['password']
$decryptPassword == $_POST['password']
串
gettype($_POST['password']
$decryptPassword == $_POST['password']
bool(false)只是一些旁注:两个表单元素都包含name属性,并且没有拼写错误/字母大小写问题?您还需要
session_start()代码>加载到使用会话的所有页面中,您应该添加exit
在每个header.BTW之后,检查($row['email-address']=$\u POST['emailAddress'])
,尽管由于某种原因它不起作用,但绝对没有用,因为您已经从数据库中选择了行,该行要么为空,要么电子邮件地址
完全等于\u POST
值(参见您对数据库的查询。)@Fred ii-感谢您的评论,您在我的表单元素中的“name属性”是什么意思?以及我在会话_start()中的错误;
,我没有复制/粘贴整个脚本,一定是错过了。我现在将它添加到op中。退出;
我不知道的事情,谢谢你。不客气。name=“password”
和name=“emailAddress”
-Nota:emailAddress
与emailAddress
@mudasobwa不一样嗨,这不是if语句有问题。虽然我理解你的意思,但这是没有用的,因为查询已经消除了除输入的电子邮件之外的任何内容。我想我可以将其删除r、 谢谢。
gettype($_POST['password']
$decryptPassword == $_POST['password']