我有一个脚本,它使用md5哈希密码将新用户发送到数据库,但是我在运行身份验证和登录时没有任何运气,任何帮助都非常感谢。
代码如下;
<?php
//open the session
session_start();
$sqltable="users";
$pagetitle="User Login";
$menu="no";
require 'inc/dbvars.php';
require 'inc/dafunc.php';
//check to see if someone has pressed the login button
if(isset($_POST['login']))
{
//connect to the database
try {
$dbh = new PDO("mysql:host=$sqlhost;dbname=$sqldb", $sqluser, $sqlpass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
//fetch username and password from form
$user=$_POST['user'];
$pass=md5($_POST['pass']);
//query database and check users's creds
$query = $dbh->prepare("SELECT * FROM $sqltable WHERE username = $user AND password = $pass"); // carefull with your column name which you declare in the tabel
$query->execute();
$_SESSION['username']=$user;
$_SESSION['userlevel']=$row['level'];
//store login data and time in database
$datetime = date("Y-m-d H:i:s");
// $query = $dbh->prepare("UPDATE ' . $sqltable . ' SET lastlogin =? WHERE user = ?");
// $data = array($datetime, $user);
// $query->execute($data);
// right now you shouldn't perform the update query . and you should use primary key column in where caulse in update query
//if everything is correct, this should redirect the user to the confirm page
header("location:search.php");
}
//if the shit has hit the fan, deny deny deny
else {
echo "Wrong Username or Password";
}
//login was sucessful, build rest of page
require 'inc/header.php';
?>
<div class="tableForm">
<form name="form1" method="post" action="<?php echo "$self"; ?>">
<p align="center">Username:
<input type="text" name="user" id="user" placeholder="username">
</p>
<p align="center">Password:
<input type="password" name="pass" id="pass" placeholder="password">
</p>
<p align="center">
<input type="submit" name="Login" id="Login" value="Login">
<input type="reset" name="Reset" id="Reset" value="Reset">
</p>
<p align="center">
<input type="submit" name="forgotpass" id="forgotpass" value="Forgot your password?">
</p>
</form>
</div>
<?php include 'inc/footer.php'; ?>
答案 0 :(得分:0)
这样:
//query database and check users's creds
$query = $dbh->prepare('SELECT FROM users WHERE user =?, pass =?');
应该是这样的:
//query database and check users's creds
$query = $dbh->prepare('SELECT * FROM users WHERE user =? AND pass =?');
答案 1 :(得分:0)
试试此代码
<?php
session_start();
$sqlhost = "localhost";
$sqldb = "dbname";
$sqltable="users";
$sqlpass = "";
$pagetitle="User Login";
$menu="no";
require 'inc/dbvars.php';
require 'inc/dafunc.php';
//check to see if someone has pressed the login button
if(isset($_POST['login']))
{
//connect to the database
try {
$dbh = new PDO("mysql:host=$sqlhost;dbname=$sqldb", $sqluser, $sqlpass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
//fetch username and password from form
$user=$_POST['user'];
$pass=md5($_POST['pass']);
//query database and check users's creds
$query = $dbh->prepare("SELECT FROM users WHERE username = $user AND password = $pass"); // carefull with your column name which you declare in the tabel
$query->execute();
$_SESSION['username']=$user;
$_SESSION['userlevel']=$row['level'];
//store login data and time in database
$datetime = date("Y-m-d H:i:s");
// $query = $dbh->prepare("UPDATE ' . $sqltable . ' SET lastlogin =? WHERE user = ?");
// $data = array($datetime, $user);
// $query->execute($data);
// right now you shouldn't perform the update query . and you should use primary key column in where caulse in update query
//if everything is correct, this should redirect the user to the confirm page
header("location:search.php");
}
//if the shit has hit the fan, deny deny deny
else {
echo "Wrong Username or Password";
}
//login was sucessful, build rest of page
require 'inc/header.php';
?>
<div class="tableForm">
<form name="form1" method="post" action="<?php echo "$self"; ?>">
<p align="center">Username:
<input type="text" name="user" id="user" placeholder="username">
</p>
<p align="center">Password:
<input type="password" name="pass" id="pass" placeholder="password">
</p>
<p align="center">
<input type="submit" name="Login" id="Login" value="Login">
<input type="reset" name="Reset" id="Reset" value="Reset">
</p>
<p align="center">
<input type="submit" name="forgotpass" id="forgotpass" value="Forgot your password?">
</p>
</form>
</div>
<?php include 'inc/footer.php'; ?>