无效证件?

时间:2013-07-22 01:28:01

标签: java php

好的,我有一个关于$ _POST的问题。我正在尝试从Android应用程序发送一些值(使用HTTPclient)我正在开发但是当我要求发回消息时,PHP会发送Invalid Credentials消息。我想弄清楚为什么会发生这种情况以及如何解决它:

登录

<?php

//load and connect to MySQL database stuff
require("configmob.php");

if (!empty($_POST)) {
//gets user's info based off of a username.
$query = " 
        SELECT  
            myusername, 
            mypassword
        FROM Customer
        WHERE 
            myusername = :myusername AND
            mypassword = :mypassword";

$query_params = array(
    ':myusername' => $_POST['username'],
':mypassword' => $_POST['password']
);

try {
    $stmt   = $db->prepare($query);
    $result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
    // For testing, you could use a die and message. 
    //die("Failed to run query: " . $ex->getMessage());

    //or just use this use this one to product JSON data:
    $response["success"] = 0;
    $response["message"] = "Database Error1. Please Try Again!";
    die(json_encode($response));

}

//This will be the variable to determine whether or not the user's information is correct.
//we initialize it as false.
$validated_info = false;

//fetching all the rows from the query
$row = $stmt->fetch();
if ($row) {
    //if we encrypted the password, we would unencrypt it here, but in our case we just
    //compare the two passwords
    if ($_POST['password'] === $row['password']) {
        $login_ok = true;
    }
}

// If the user logged in successfully, then we send them to the private members-only page 
// Otherwise, we display a login failed message and show the login form again 
if ($login_ok) {
    $response["success"] = 1;
    $response["message"] = "Login successful!";
    die(json_encode($response));
} else {
    $response["success"] = 0;
    $response["message"] = "Invalid Credentials!";
    die(json_encode($response));
}

}

?>

配置

<?php 

// These variables define the connection information for your MySQL database 
$host = "mysql17.000webhost.com"; 
$dbname = "a4335408_data1";     
$username = "******"; 
$password = "******"; 




// UTF-8 is a character encoding scheme that allows you to conveniently store 
// a wide varienty of special characters, like ¢ or €, in your database. 
// By passing the following $options array to the database connection code we 
// are telling the MySQL server that we want to communicate with it using UTF-8 
// See Wikipedia for more information on UTF-8: 
// http://en.wikipedia.org/wiki/UTF-8 
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); 

// A try/catch statement is a common method of error handling in object oriented code. 
// First, PHP executes the code within the try block.  If at any time it encounters an 
// error while executing that code, it stops immediately and jumps down to the 
// catch block.  For more detailed information on exceptions and try/catch blocks: 
// http://us2.php.net/manual/en/language.exceptions.php 
try 
{ 
    // This statement opens a connection to your database using the PDO library 
    // PDO is designed to provide a flexible interface between PHP and many 
    // different types of database servers.  For more information on PDO: 
    // http://us2.php.net/manual/en/class.pdo.php 
    $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options); 
} 
catch(PDOException $ex) 
{ 
    // If an error occurs while opening a connection to your database, it will 
    // be trapped here.  The script will output an error and stop executing. 
    // Note: On a production website, you should not output $ex->getMessage(). 
    // It may provide an attacker with helpful information about your code 
    // (like your database username and password). 
    die("Failed to connect to the database: " . $ex->getMessage()); 
} 

// This statement configures PDO to throw an exception when it encounters 
// an error.  This allows us to use try/catch blocks to trap database errors. 
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 

// This statement configures PDO to return database rows from your database using an    
associative 
// array.  This means the array will have string indexes, where the string value 
// represents the name of the column in your database. 
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); 

// This block of code is used to undo magic quotes.  Magic quotes are a terrible 
// feature that was removed from PHP as of PHP 5.4.  However, older installations 
// of PHP may still have magic quotes enabled and this code is necessary to 
// prevent them from causing problems.  For more information on magic quotes: 
// http://php.net/manual/en/security.magicquotes.php 
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) 
{ 
    function undo_magic_quotes_gpc(&$array) 
    { 
        foreach($array as &$value) 
        { 
            if(is_array($value)) 
            { 
                undo_magic_quotes_gpc($value); 
            } 
            else 
            { 
                $value = stripslashes($value); 
            } 
        } 
    } 

    undo_magic_quotes_gpc($_POST); 
    undo_magic_quotes_gpc($_GET); 
    undo_magic_quotes_gpc($_COOKIE); 
} 

// This tells the web browser that your content is encoded using UTF-8 
// and that it should submit content back to you using UTF-8 
header('Content-Type: text/html; charset=utf-8'); 

// This initializes a session.  Sessions are used to store information about 
// a visitor from one web page visit to the next.  Unlike a cookie, the information is 
// stored on the server-side and cannot be modified by the visitor.  However, 
// note that in most cases sessions do still use cookies and require the visitor 
// to have cookies enabled.  For more information about sessions: 
// http://us.php.net/manual/en/book.session.php 
session_start(); 

// Note that it is a good practice to NOT end your PHP files with a closing PHP tag. 
// This prevents trailing newlines on the file from being included in your output, 
// which can cause problems with redirecting users.



?>  

发送信息的JSON Parser:

if(method == "POST"){
            // request method is POST
            // defaultHttpClient
            DefaultHttpClient httpClient = new DefaultHttpClient();
            HttpPost httpPost = new HttpPost(url);
            httpPost.setEntity(new UrlEncodedFormEntity(params));

            HttpResponse httpResponse = httpClient.execute(httpPost);
            HttpEntity httpEntity = httpResponse.getEntity();
            is = httpEntity.getContent();
try {
        BufferedReader reader = new BufferedReader(new InputStreamReader(
                is, "iso-8859-1"), 8);
        StringBuilder sb = new StringBuilder();
        String line = null;
        while ((line = reader.readLine()) != null) {
            sb.append(line + "\n");
        }
        is.close();
        json = sb.toString();

谢谢,我希望这个问题不是太难或什么的。

0 个答案:

没有答案