我正在尝试创建登录表单,但用户名和密码验证无法正常工作。 $AccountValidation
始终返回0
,而我是肯定的,我填写了正确的密码和用户名。首先,用户必须注册更多变量(即名字),然后他们可以转到login.html
页面,然后转到login.php
下面的文件。
我有var_dumped
所有变量,所有变量都很顺利。
$Username = strip_tags($_POST['Username']);
$Password = md5(strip_tags($_POST['Password']));
if(empty($Username) || empty($Password)) die('Vul alle waarden in op <a href="login.php">het formulier</a>.');
$db = new mysqli($host, $user, $pass, 'accounts', 3306);
$sql = "SELECT Username, Password FROM users where Username = '$Username' AND Password = '" . $Password . '\'';
$results = $db->query($sql);
$AccountValidation = $results->num_rows;
if($AccountValidation == 1)
{
$_SESSION['login'] = 'yes';
header('location: xxxxx');
} else{
echo'Your account does not exist or you have not filled in the required information.<br> Retry <a href="Login.html">here</a> or create a new account <a href="GetInfo.html">here</a>';
}
?>
var_dump $ results
object(mysqli_result)#2 (5) { ["current_field"]=> int(0) ["field_count"]=> int(2) ["lengths"]=> NULL ["num_rows"]=> int(0) ["type"]=> int(0) }
var_dump $ AccountValidation
int(0)
编辑:
找到解决方案。 MD5有32个字符,我只允许20个密码上传到MySQL。有时它可能是这个愚蠢的......
答案 0 :(得分:0)
N.B。:此答案是作为使用MD5(目前使用)的替代方法提供的。
OP和我都很清楚所涉及的风险。
&#34;我是故意这样做的。我希望能够看到代码可以改进的地方并继续改进。因为那是我接受培训的地方。这个项目永远不会上线,这只是我想要学习的东西。我虽然也很开心。&#34;
(适用测试)强> 的
用户名和密码创建脚本:
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
$username = "user";
$password = "12345";
$md5_pass = md5($password);
$result = mysqli_query($mysqli,"INSERT INTO users (username, password) VALUES ('$username', '$md5_pass') ") or die(mysqli_error());
if($result){
echo "Success";
}
else{
echo "Sorry";
}
?>
登录脚本:(SQL / HTML作为单个文件)
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
if(isset($_POST['submit'])){
// Grab User submitted information
$name = mysqli_real_escape_string($mysqli,$_POST["users_name"]);
$pass = mysqli_real_escape_string($mysqli,md5($_POST["users_pass"]));
$result = mysqli_query($mysqli,"SELECT username, password FROM users WHERE username = '$name' AND password='$pass'");
$row = mysqli_fetch_array($result);
if($row["username"]==$name && $row["password"]==$pass){
echo"You are a validated user.";
}
else{
echo"Sorry, your credentials are not valid, Please try again.";
}
} // if(isset($_POST['submit'])){
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
</head>
<body>
<form method="post" action="">
<table border="1" >
<tr>
<td><label for="users_name">Username</label></td>
<td><input type="text"
name="users_name" id="users_name"></td>
</tr>
<tr>
<td><label for="users_pass">Password</label></td>
<td><input name="users_pass" type="password" id="users_pass"></input></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit"/>
<td><input type="reset" value="Reset"/>
</tr>
</table>
</form>
</body>
</html>
<强>声明:强>
最好将mysqli_*
函数与prepared statements或PDO一起使用,并使用crypt()
或PHP 5.5&#39; password_hash()
函数密码存储。