PHP Session Login返回错误的用户名和密码

时间:2013-03-30 17:22:56

标签: php session login mysqli credentials

尝试登录我的网站时,脚本会使用错误的用户名或密码返回Im。

index.html负责人:

<?php
session_start();
require_once 'classes/Membership.php';
$membership = new Membership();
if ($_POST && !empty ($_POST['username']) && !empty ($_POST['password'])) {
$response = $membership->validate_user($_POST['username'], $_POST['password']);
}
?>

index.html中的表单:

    <div class="login" id="register">
     <form method="POST" action="" accept-charset="utf-8">
      <fieldset>
       <p>
        <label for="username">Username</label><br />
        <input type="text" name="username" value="" id="username">
       </p>
       <p>
        <label for="password">Password</label><br />
        <input type="password" name="password" value="" id="password">
       </p>
      </fieldset>
      <input type="submit" class="button" value="Sign in">
     </form>
    </div>
<?php if(isset($response)) echo "<p class = 'error-msg'>" .$response.".</p>"; ?>

Membership.php 

<?php
require 'MySQL.php';

    class Membership
    {
        function validate_user($username, $password)
        {
            $mysql = new MySQL();
            $ensure_credentials = $mysql->verify_in_db($username,md5($password));

            if ($ensure_credentials)
            {
                $_SESSION['status'] = 'authorized';
                header("location: index_member.php");
            }
            else return "Please enter a correct username and password";
        }
    }

MySQL.php 

<?php
require_once 'includes/constants.php';

    class MySQL
        {
            private $conn;

            function __construct()
            {
             $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) 
             or die ('There was a problem connecting to the database.');
            }

            function verify_in_db($username, $password)
            {
                $query = "SELECT * 
                                FROM users
                                WHERE username = ? AND password = ?
                                LIMIT 1";
                if ($stmt = $this->conn->prepare($query))
                {
                $stmt->bind_param('ss', $username, $password);
                $stmt->execute();

                    if ($stmt->fetch())
                    {
                        $stmt->close();
                        return true;
                    }
                }
            }
        }

constants.php 

<?php
// Define constants

define ('DB_SERVER', 'localhost');
define ('DB_USER', 'root');
define ('DB_PASSWORD', '');
define ('DB_NAME', 'membership');

没有数据库密码,不要混淆。在xampp上的Standart DB。 我尝试使用的凭据是100%正确的,sql常量也是如此。

1 个答案:

答案 0 :(得分:-1)

可能是因为你说的密码。它的

'password'

但由于MD5

,它应该是这样的 
'fglsdgjdfnfjlsmg905760657604657604jtvymwy'
相关问题
最新问题