我一直在和这个争斗好5小时,现在我的登录脚本现在什么都没有返回。
起初它允许有错误细节的人登录;我做了一些更改,它开始拒绝所有用户,即使是具有正确登录详细信息的用户。我删除了密码条件,并正确检索了用户。然后我再次删除用户名条件并将其替换为密码条件,并使用相同的密码检索所有用户,但是当我同时具有这两个条件时,它将返回null,错误或正确的凭据...
<?php
include( '../config.php' );
session_start();
if( isset( $_POST['login'] ) ) {
$username = $_POST['username'];
$password = mysql_real_escape_string(stripslashes($_POST['password']));
$salt = "ghvhgcfchgvbhvgkhbh";
echo $username.'<br>';
try{
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "SELECT * FROM users WHERE username = :username And password = :password LIMIT 1";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "username", $username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
$stmt->execute();
$valid = $stmt->fetch();
echo '<br> it fetches'.$valid['username'];
print_r($valid);
$con = null;
if( $valid ) {
echo '<br> its valid';
print_r($valid);
$_SESSION['user'][0] = $valid['username'];
if (isset( $_SESSION['errors'] )){unset($_SESSION['errors']);}
//if(!empty($_SESSION['LogUrl'])){header("Location: ../{$_SESSION['LogUrl']}");}
else{header("Location: ../index.php"); }
} else {
$_SESSION['errors'] = 'AuthLogin';
header("Location: AuthPage.php");
}
}
catch (PDOException $e) {
echo "chian ".$e->getMessage();
}
} else {
echo 'Oops SeEye went blind!!!';
}
?>
这是我的注册脚本,只是因为我的密码发生了变化,我也忘记了......
<?php
include( '../config.php' );
//Include The Database Connection File
if( (isset( $_POST['register'] )) && empty($_SESSION['user']))//If a username has been submitted
{
$username = $_POST['usernam'];//Some clean up :)
$password = $_POST['password'];//Some clean up :)
$salt = "ghvhgcfchgvbhvgkhbh";
try{
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "SELECT * FROM users WHERE username='.$username.'";
$stmt = $con->prepare( $sql );
$stmt->execute();
$row = $stmt-> fetch();
$con = null;
if( !$row) {
try {
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "INSERT INTO users(username, password, Date_Joined)
VALUES(:username, :password, :Date_Joined)";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "username", $username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
$stmt->bindValue( "Date_Joined", date("Y-m-d"), PDO::PARAM_STR );
$stmt->execute();
$con = null;
session_start();
$_SESSION['user'][0] = $_POST['usernam'];
if (isset( $_SESSION['errors'] )){unset($_SESSION['errors']);}
if(!empty($_SESSION['LogUrl'])){header("Location: {$_SESSION['LogUrl']}");}
else{header("Location: ../index.php"); }
}catch( PDOException $e ) {
echo $e->getMessage();
}
}
else
{
echo '0ops something went wrong';//No Record Found - Username is available
}
}catch (PDOException $e) {
echo $e->getMessage();
}
} else {
echo 'Oops SeEye went blind!!!';
}
?>
再次感谢您