验证用户名和密码

时间:2014-03-20 15:16:34

标签: php mysqli

我正在尝试创建登录表单,但用户名和密码验证无法正常工作。 $AccountValidation始终返回0,而我是肯定的,我填写了正确的密码和用户名。首先,用户必须注册更多变量(即名字),然后他们可以转到login.html页面,然后转到login.php下面的文件。

我有var_dumped所有变量,所有变量都很顺利。

$Username = strip_tags($_POST['Username']);
$Password = md5(strip_tags($_POST['Password']));

if(empty($Username) || empty($Password)) die('Vul alle waarden in op <a href="login.php">het formulier</a>.');

$db = new mysqli($host, $user, $pass, 'accounts', 3306);

$sql = "SELECT Username, Password FROM users where Username = '$Username' AND Password = '" . $Password . '\'';
$results = $db->query($sql);

$AccountValidation = $results->num_rows;

if($AccountValidation == 1)
{
$_SESSION['login'] = 'yes';
header('location: xxxxx');
}   else{
    echo'Your account does not exist or you have not filled in the required    information.<br> Retry <a href="Login.html">here</a> or create a new account <a href="GetInfo.html">here</a>';
}
?>

var_dump $ results

object(mysqli_result)#2 (5) { ["current_field"]=> int(0) ["field_count"]=> int(2) ["lengths"]=> NULL ["num_rows"]=> int(0) ["type"]=> int(0) }

var_dump $ AccountValidation

int(0)

编辑:

找到解决方案。 MD5有32个字符,我只允许20个密码上传到MySQL。有时它可能是这个愚蠢的......

1 个答案:

答案 0 :(得分:0)

N.B。:此答案是作为使用MD5目前使用)的替代方法提供的。

OP和我都很清楚所涉及的风险。

  

&#34;我是故意这样做的。我希望能够看到代码可以改进的地方并继续改进。因为那是我接受培训的地方。这个项目永远不会上线,这只是我想要学习的东西。我虽然也很开心。&#34;


(适用测试)

用户名和密码创建脚本:

<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');  
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');

$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) 
OR die("could not connect");

$username = "user";
$password = "12345";
$md5_pass = md5($password);

$result = mysqli_query($mysqli,"INSERT INTO users (username, password) VALUES ('$username', '$md5_pass') ") or die(mysqli_error());

if($result){
echo "Success";
}

else{
echo "Sorry";
}
?>

登录脚本:(SQL / HTML作为单个文件)

<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');  
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');

$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) 
OR die("could not connect");

if(isset($_POST['submit'])){
// Grab User submitted information
$name = mysqli_real_escape_string($mysqli,$_POST["users_name"]);
$pass = mysqli_real_escape_string($mysqli,md5($_POST["users_pass"]));

 $result = mysqli_query($mysqli,"SELECT username, password FROM users WHERE username = '$name' AND password='$pass'");

$row = mysqli_fetch_array($result);

if($row["username"]==$name && $row["password"]==$pass){
    echo"You are a validated user.";
    }
else{
    echo"Sorry, your credentials are not valid, Please try again.";
    }

} // if(isset($_POST['submit'])){
?>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
</head>
<body>
    <form method="post" action="">
        <table border="1" >
        <tr>
            <td><label for="users_name">Username</label></td>
            <td><input type="text" 
              name="users_name" id="users_name"></td>
        </tr>
        <tr>
            <td><label for="users_pass">Password</label></td>
            <td><input name="users_pass" type="password" id="users_pass"></input></td>
        </tr>
        <tr>
            <td><input type="submit" name="submit" value="Submit"/>
            <td><input type="reset" value="Reset"/>
        </tr>
    </table>
</form>
</body>
</html>

<强>声明:

最好将mysqli_*函数与prepared statementsPDO一起使用,并使用crypt()或PHP 5.5&#39; password_hash()函数密码存储。