我正在创建注册和登录表单。在注册表单中,我从用户那里获取输入并将这些输入存储在我的数据库中。我希望用户在 nss-login.php 中输入用户名和密码,然后从数据库中比较该用户名和密码是否在数据库中可用或不。如果凭据可用,则会重定向到 nss-admin.php 。
然而,当前的代码似乎并没有起作用,从逻辑上看,一切似乎都没问题。我相当新的PHP大约两个星期,所以显然我错过了一些东西。我一直在环顾四周,看看我做错了什么但仍然无法理解,所以我作为最后的手段在这里张贴。感谢您抽出宝贵时间来查看我的问题。
请在代码文件中进行必要的更改,并在必要时纠正错误。
这是 nss-functions.php
<?php
include 'nss-config.php';
function connect($config) {
try {
$conn = new PDO('mysql:host=localhost; dbname='.$config['database'],
$config['username'],$config['password']);
$conn -> setAttribute(PDO :: ATTR_ERRMODE, PDO:: ERRMODE_EXCEPTION);
return $conn;
}
catch (Exception $e) {
return false;
}
}
function query($query,$bindings,$conn)
{
$stmnt = $conn->prepare($query);
$stmnt->execute($bindings);
return ($stmnt->rowCount() > 0) ? $stmnt : false;
}
?>
这是 nss-signup.php
<!doctype html>
<html>
<head>
<title>Create a Free Account</title>
</head>
<body>
<?php
include 'nss-functions.php';
$conn=connect($config);
if (!$conn) die('Problem connecting to db.');
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$repass = $_POST['repass'];
if(empty($username) || empty($email) || empty($password) || empty($repass)) {
echo "Please fill all inputs correctly";
}
else {
if($repass == $password) {
query("insert into users(username,email,password) values(:username, :email , :password)",
array('username' => $username, 'email' => $email , 'password' => $password) , $conn);
echo "Your account is successfully created";
}
else {
echo "Fill password correctly";
}
}
}
?>
<form action="nss-signup.php" method="post">
<h1>Create Your Account</h1>
<p><label for="username">Username</label>
<input type="text" id="username" name="username" /></p>
<p><label for="email">Email Address</label>
<input type="text" id="email" name="email" /></p>
<p><label for="password">Choose a Password</label>
<input type="password" id="password" name="password" /></p>
<p><label for="repass">Confirm Password</label>
<input type="password" id="repass" name="repass" /></p>
<p><input type="submit" value="Submit" name="loginform" /></p>
</form>
</body>
</html>
这是 nss-login.php
<!doctype html>
<html>
<head>
<title></title>
</head>
<body>
<?php
include 'nss-validate.php';
session_start();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$user = $_POST['username'];
$pass = $_POST['password'];
if(validate($user,$pass)) {
$_SESSION['user'] = $user;
header("Location:nss-admin.php");
}
else {
echo "Incorrect credentials";
}
}
?>
<form action="nss-login.php" method="post">
<h1>Sign in to Your Account</h1>
<p><label for="username">Username</label>
<input type="text" id="username" name="username" /></p>
<p><label for="password">Your Password</label>
<input type="password" id="password" name="password" /></p>
<p><input type="submit" value="Submit" name="loginform" /></p>
<p>Don't have an account? <a href="nss-signup.php">Create one</a>.</p>
</form>
</body>
</html>
这是 nss-validate.php
<?php
include 'nss-functions.php';
function validate($username,$password) {
$x = query("select username from users where username = :username", // variable for username
array('username' => $username) , $conn);
$y = query("select password from users where password = :password", // variable for password
array('password' => $password) , $conn);
return ($username == $x && $password == $y);
}
?>
这是 nss-admin.php
<?php require 'nss-login.php'; ?>
<!doctype html>
<html>
<head>
<title></title>
</head>
<body>
<h1>Hello, <?= $_SESSION['user']; ?></h1>
<h3><a href="#">logout</a></h3>
</body>
</html>
答案 0 :(得分:3)
$conn在validate()函数的变量范围内不存在。
将您的功能定义更改为:
function validate($username,$password, $conn) {
并相应地调用它。
注意:您的验证功能完全没用。它将使用任何其他用户的现有密码记录所有人(如果有效,我怀疑)。此外,您似乎将密码以纯文本形式存储在数据库中。