使用PDO语句登录表单PHP

时间:2014-08-18 12:39:51

标签: php mysql forms pdo

我正在创建注册和登录表单。在注册表单中,我从用户那里获取输入并将这些输入存储在我的数据库中。我希望用户在 nss-login.php 中输入用户名密码,然后从数据库中比较该用户名和密码是否在数据库中可用或不。如果凭据可用,则会重定向到 nss-admin.php

然而,当前的代码似乎并没有起作用,从逻辑上看,一切似乎都没问题。我相当新的PHP大约两个星期,所以显然我错过了一些东西。我一直在环顾四周,看看我做错了什么但仍然无法理解,所以我作为最后的手段在这里张贴。感谢您抽出宝贵时间来查看我的问题。

请在代码文件中进行必要的更改,并在必要时纠正错误。

这是 nss-functions.php

<?php 

include 'nss-config.php';

function connect($config) {

    try {
        $conn = new PDO('mysql:host=localhost; dbname='.$config['database'],
            $config['username'],$config['password']);
        $conn -> setAttribute(PDO :: ATTR_ERRMODE, PDO:: ERRMODE_EXCEPTION);
        return $conn;
    }

    catch (Exception $e) {
        return false;
    }

}

function query($query,$bindings,$conn)
{
    $stmnt = $conn->prepare($query);
    $stmnt->execute($bindings);
    return ($stmnt->rowCount() > 0) ? $stmnt : false;

}


 ?>

这是 nss-signup.php

<!doctype html>
<html>
<head>
    <title>Create a Free Account</title>
</head>
<body>
<?php 
include 'nss-functions.php';
$conn=connect($config);
if (!$conn) die('Problem connecting to db.');
if($_SERVER['REQUEST_METHOD'] == 'POST') {

    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $repass = $_POST['repass'];

    if(empty($username) || empty($email) || empty($password) || empty($repass)) {
        echo "Please fill all inputs correctly";
    }

    else {

        if($repass == $password) {

            query("insert into users(username,email,password) values(:username, :email , :password)",
            array('username' => $username, 'email' => $email , 'password' => $password) , $conn);

            echo "Your account is successfully created";

        }

        else {
            echo "Fill password correctly";
        }

    }

}
 ?>
<form action="nss-signup.php" method="post">
<h1>Create Your Account</h1>
<p><label for="username">Username</label>
    <input type="text" id="username" name="username" /></p>

    <p><label for="email">Email Address</label>
    <input type="text" id="email" name="email" /></p>

    <p><label for="password">Choose a Password</label>
    <input type="password" id="password" name="password" /></p>

    <p><label for="repass">Confirm Password</label>
    <input type="password" id="repass" name="repass" /></p>

    <p><input type="submit" value="Submit" name="loginform" /></p>
</form>
</body>
</html>

这是 nss-login.php

<!doctype html>
<html>
<head>
    <title></title>
</head>
<body>
    <?php 
    include 'nss-validate.php';

    session_start();
     if($_SERVER['REQUEST_METHOD'] == 'POST') {

        $user = $_POST['username'];
        $pass = $_POST['password'];

        if(validate($user,$pass)) {

            $_SESSION['user'] = $user;
            header("Location:nss-admin.php");
        }

        else {
            echo "Incorrect credentials";
        }

     }
     ?>
    <form action="nss-login.php" method="post">
<h1>Sign in to Your Account</h1>
<p><label for="username">Username</label>
    <input type="text" id="username" name="username" /></p>

    <p><label for="password">Your Password</label>
    <input type="password" id="password" name="password" /></p>

    <p><input type="submit" value="Submit" name="loginform" /></p>
    <p>Don't have an account? <a href="nss-signup.php">Create one</a>.</p>
</form>

</body>
</html>

这是 nss-validate.php

<?php 

include 'nss-functions.php';

function validate($username,$password) {

    $x = query("select username from users where username = :username", // variable for username
            array('username' => $username) , $conn);
    $y = query("select password from users where password = :password", // variable for password
            array('password' => $password) , $conn);
    return ($username == $x && $password == $y);
}
 ?>

这是 nss-admin.php

<?php require 'nss-login.php'; ?>
<!doctype html>
 <html>
 <head>
    <title></title>
 </head>
 <body>
 <h1>Hello, <?= $_SESSION['user']; ?></h1>
 <h3><a href="#">logout</a></h3>
 </body>
 </html>

1 个答案:

答案 0 :(得分:3)

$connvalidate()函数的变量范围内不存在。

将您的功能定义更改为:

function validate($username,$password, $conn) {

并相应地调用它。

注意:您的验证功能完全没用。它将使用任何其他用户的现有密码记录所有人(如果有效,我怀疑)。此外,您似乎将密码以纯文本形式存储在数据库中。