PHP PDO login fails


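I have followed an online tutorial for a simple PHP login and registration script, but when I try to log in it fails with the error message "Login failed. Please try again, or register". The registration page works in that it creates a new entry in the database, but it also does not redirect to the given redirect page. The code is below:

class.user.php (included only once, in the config file)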


login.php

<?php
$page_title = "Love Deals Login";
require('inc/connect/config.php');
include('inc/header.php');

if($user->is_loggedin()!="") {
    $user->redirect('home.php');
}

if(isset($_POST['login'])) {
    $uname = $_POST['txt_uname'];
    $upass = $_POST['txt_upass'];

    if($user->login($uname,$upass)) {
        $user->redirect('home.php');
    } else {
        $error = "Login failed. Please try again, or register";
    }
}

?>

<div class="container" style="padding: 100px 0 0 0;">
<div class="form-container">
    <form method="post" id="login">
        <h3>Please login</h3>
        <?php if(isset($error)) {
            ?>
            <div class="alert alert-danger">
                <i class="glyphicon glyphicon-warning-sign"></i> &nbsp; <?php echo $error; ?>
            </div>
            <?php
        }
        ?>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="txt_uname" placeholder="Username" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="password" class="form-control" name="txt_upass" placeholder="Password" required />
        </div>
        <div class="clearfix"></div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <button type="submit" name="login" class="btn btn-primary pull-right">
                <i class="glyphicon glyphicon-log-in"></i>&nbsp;Login</button>
        </div>
        <div class="col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3" style="text-align: center;">
            <label>Don't have an account yet? <a href="signup.php">Register now</a></label>
        </div>
    </form>
 </div>
</div>

<footer class="navbar-fixed-bottom search-footer">
    <div class="container">
        <div class="row">

<?php include('inc/footer.php'); ?>

signup.php

<?php
$page_title = "Love Deals Register";
require('inc/connect/config.php');
include('inc/header.php');

if($user->is_loggedin()!="") {
    $user->redirect('home.php');
}

if(isset($_POST['signup'])) {
    $u_fname = trim($_POST['sign_fname']);
    $u_lname = trim($_POST['sign_lname']);
    $u_tel = trim($_POST['sign_tel']);
    $u_email = trim($_POST['sign_email']);
    $uname = trim($_POST['sign_uname']);
    $upass = trim($_POST['sign_upass']);

    if($u_fname=="") {
        $error[] = "please provide first name";
    } else if ($u_lname=="") {
        $error[] = "please provide last name";
    } else if($u_tel=="") {
        $error[] = "please provide contact number";
    } else if($u_email=="") {
        $error[] = "please provide an email address";
    } else if(!filter_var($u_email, FILTER_VALIDATE_EMAIL)) {
        $error[] = "please provide a valid email address";
    } else if($uname=="") {
        $error[] = "please provide username";
    } else if($upass=="") {
        $error[] = "please provide password";
    } else if(strlen($upass) < 8) {
        $error[] = "Password must be at least 8 characters";
    } else {

        try {
            $stmt = $db->prepare("SELECT user FROM users WHERE user=:uname");
            $stmt->execute(array(':uname'=>$uname));
            $row=$stmt->fetch(PDO::FETCH_ASSOC);

            if($row['user']==$uname) {
                $error[] = "sorry, username already taken! please choose another";
            } else {
                if($user->register($u_fname,$u_lname,$u_tel,$u_email,$uname,$upass)) {
                    $user->redirect('signup.php?joined');
                }
            }
        } catch(PDOException $e) {
            echo $e->getMessage();
        }
    }
}

?>

<div class="container" style="padding: 100px 0 0 0;">
<div class="form container">
    <form method="post" id="signup">
        <h3>Register</h3>
        <?php if(isset($error)) {
            foreach($error as $err) { // separate loop variable so $error is not overwritten
                ?>
                <div class="alert alert-danger">
                    <i class="glyphicon glyphicon-warning-sign"></i> &nbsp; <?php echo $err; ?>
                </div>
                <?php
            }
        } else if(isset($_GET['joined'])) {
            ?>
            <div class="alert alert-info">
                <i class="glyphicon glyphicon-log-in"></i> &nbsp; Thanks! You are now registered. <a href="login.php">Login</a>
            </div>
            <?php
        }
        ?>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_fname" placeholder="First Name" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_lname" placeholder="Last Name" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_tel" placeholder="Contact Number" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_email" placeholder="Email" value="<?php if(isset($error)){echo htmlspecialchars($u_email, ENT_QUOTES);}?>" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_uname" placeholder="Username" value="<?php if(isset($error)){echo htmlspecialchars($uname, ENT_QUOTES);}?>" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="password" class="form-control" name="sign_upass" placeholder="Password" required />
        </div>
        <div class="clearfix"></div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3">
            <button type="submit" class="btn btn-primary center-block" name="signup">
            <i class="glyphicon glyphicon-open-file"></i>&nbsp;Register</button>
        </div>
        <div class="col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3" style="text-align: center;">
            <label>Already have an account? <a href="login.php">Login</a></label>
        </div>
    </form>
 </div>
</div>


<footer class="navbar-fixed-bottom search-footer">
    <div class="container">
        <div class="row">

<?php include('inc/footer.php'); ?>

home.php

<?php
$page_title = "Love Deals User Home";
require('inc/connect/config.php');
include('inc/header.php');

if(!$user->is_loggedin()) {
    $user->redirect('login.php');
}
$user_id = $_SESSION['user_session'];
$stmt = $db->prepare("SELECT * FROM users WHERE id=:user_id");
$stmt->execute(array(":user_id"=>$user_id));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
?>

<div class="container" style="padding: 100px 0 0 0;">
<h3>welcome back <?php print(htmlspecialchars($userRow['user'], ENT_QUOTES)); ?></h3>
</div>
<div>
<label><a href="logout.php?logout=true"><i class="glyphicon glyphicon-log-out"></i> logout</a></label>
</div>

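"I just have the password column set to varchar with a max of 25 characters… – Kaylee"

That's the problem right there. password_hash() generates a 60-character string.

Your current password looks like this, for example:

$2y$10$.vGA1O9wmRjrwAVXD9

As opposed to what it should look like, being:

$2y$10$.vGA1O9wmRjrwAVXD98HNOGSNPCZLQM3JQ7KNED1RVAGV3FYKK1A

"Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice)."

  • You need to clear your password rows, change the column's length to 60+ or to 255 as the manual suggests, and then start over with a new hash.
Reference:

Also, seeing that you're using sessions, make sure the session is started in all pages that use sessions.

Check for errors.

Also make sure the functions don't have variable scope issues.

If they do, pass the db connection to them.


Edit:

It seems I missed something, which the OP was kind enough to include in a comment:

"I have now successfully logged in (Yaaay)… had to change $user->redirect() to header(), but it's working now!"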
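The truncation described in the answer above, as an added example that is not part of the original post: it shows that a hash cut to 25 characters is no longer recognised by PHP and never verifies, and how to flag rows that need a reset after the column is widened. The sample password and rows are constructed, and `substr()` stands in for a 25-character column so the script runs without a database.

```php
<?php
// Added example, not code from the question or the answer.

/** Report whether a stored value is still a complete password_hash() result. */
function inspect_stored_hash(string $stored): array
{
    $info = password_get_info($stored);
    return [
        'length'    => strlen($stored),
        'algorithm' => $info['algoName'],              // "unknown" when the hash is damaged
        'intact'    => $info['algoName'] !== 'unknown',
    ];
}

$password = 'correct horse battery staple';            // constructed sample input
$full     = password_hash($password, PASSWORD_DEFAULT);
$stored   = substr($full, 0, 25);                       // what a 25-character column keeps

foreach (['full hash' => $full, 'truncated to 25' => $stored] as $label => $hash) {
    $report = inspect_stored_hash($hash);
    printf(
        "%-16s length=%d algorithm=%s verify=%s\n",
        $label,
        $report['length'],
        $report['algorithm'],
        password_verify($password, $hash) ? 'true' : 'false'
    );
}

// Widening the column does not repair rows written earlier: the missing
// characters are gone, so those accounts need a new hash (password reset).
$rows = [                                               // constructed sample rows
    ['user' => 'alice', 'pass' => $stored],
    ['user' => 'bob',   'pass' => $full],
];
foreach ($rows as $row) {
    if (!inspect_stored_hash($row['pass'])['intact']) {
        echo "needs reset: {$row['user']}\n";
    }
}
```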



This isn't a fix, but for security reasons I'd suggest storing a login key in the session rather than the id, then creating a randomly generated salt and hashing the password with the salt.

I take it the session was started. What is the length of the password column?

Sorry… I just have the password column set to varchar with a max of 25 characters…

You have an answer below, mine.

Downvoter, care to explain here? It's quite obvious. Care to share your God-given wisdom with the rest of the world?

Thanks, I'll change it now and hopefully that will solve it!

Fred -ii- you absolute god you, I have now successfully logged in (yay)… had to change $user->redirect() to header(), but it works now! Thanks again

@Kaylee Glad to hear it, Kaylee, cheers! You're welcome.