Php 用户可以登录到我的网站,尽管我的会员表中没有用户身份——为什么?
如果一个用户不存在,它应该在登录屏幕上抛出一个错误,但是该用户随后会被带到主页,就像他们以前在我的签名控制器中注册一样。登录控制器-验证凭据函数-和我的模型-函数can_log_in()-将说明应该反弹的错误 型号:Php 用户可以登录到我的网站,尽管我的会员表中没有用户身份——为什么?,php,codeigniter,Php,Codeigniter,如果一个用户不存在,它应该在登录屏幕上抛出一个错误,但是该用户随后会被带到主页,就像他们以前在我的签名控制器中注册一样。登录控制器-验证凭据函数-和我的模型-函数can_log_in()-将说明应该反弹的错误 型号: class Membership extends CI_Model { function Membership() { parent::__construct(); } public function can_log_in() { $this->db-
class Membership extends CI_Model
{
function Membership()
{
parent::__construct();
}
public function can_log_in()
{
$this->db->select('*')->from('membership');
$this->db->where('username', $this->input->post ('username'));
$this->db->where('password', md5($this->input->post ('password')));
$query = $this->db->get('membership');
if ($query->num_rows() == 1)
{
return true;
}
else{
return false;
}
}
class Login extends CI_Controller
{
function Login()
{
parent::__construct();
$this->load->model('membership');
}
function loguserin()
{
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]|trim');
$this->form_validation->set_rules('password', 'Password', 'required|md5|trim');
$username = $this->input->post('username');
$password = $this->input->post('password');
if ($this->form_validation->run()==TRUE)
{
$this->load->model('membership');
if($this->membership->can_log_in($this->input->post('username'),$this->input->post('password'))
{ // this is unepected despite a new if statement called
$this->session->set_userdata('status', 'OK');
$this->session->set_userdata('username', $username);
redirect('home');
} else //this else is unexpected
{
$this->session->set_userdata('status', 'NOT_OK');
$this->session->set_flashdata('Incorrect username/password');
$this->index();
}
} else {
$this->index;
}
}
function logout()
{
$this->session->sess_destroy();
redirect ('start');
}
function index()
{
$this->load->view('shared/header');
$this->load->view('account/logintitle');
$this->load->view('account/loginview');
$this->load->view('shared/footer');
}
}
if ($this->form_validation->run())
你的逻辑到处都是,你误解了表单验证的概念。表单验证验证表单输入,仅此而已,它不验证凭据。老实说,您拥有的validate_credentials函数是毫无意义的,因为您不能从run函数外部调用表单验证错误。所以你最好让它完全消失 首先,form_验证后的初始调用应如下所示:
if ($this->form_validation->run()==TRUE)
{
$this->load->model('membership');
if($this->membership->can_log_in($this->input->post('username'),$this->input->post('password')))
{
$this->session->set_userdata('status', 'OK');
$this->session->set_userdata('username', $username);
redirect('home');
} else {
$this->session->set_userdata('status', 'NOT_OK');// you'll need to do something
// here to tell them their credentials are wrong as I said this won't work through
// the form validation, perhaps look into using $this->session->set_flashdata()
$this->index();
}
} else {
$this->index; //reload the index to display the validation errors
public function can_log_in($username,$password)
{
$this->db->select('*')->from('membership');
$this->db->where('username', $username);
$this->db->where('password', md5($password));
你确定if-else语句中的if-else语句是允许的吗?谢谢你简洁的回答。我试过以下方法:请看上面的修改。我在这一行中遗漏了一个括号:如果($this->membership->can_logu_____$this->input->post('username'),$this->input->post('password')),如果你遇到意外错误,请始终检查你在前面的语句中是否所有括号都已关闭,并且你在这一行末尾使用分号,它很少被称为错误,而且几乎总是在这之前。请记住,您仍然需要对模型进行更改,以使其完全正常工作。
public function can_log_in($username,$password)
{
$this->db->select('*')->from('membership');
$this->db->where('username', $username);
$this->db->where('password', md5($password));