我正在开发一个注册和登录脚本,我一直在根据Larry Ullan的quickpro指南(以及php手册和其他参考资料)对我的脚本进行建模。我的注册脚本运行良好,但是当我尝试登录脚本时遇到问题。我这样查询DB:
$q = "SELECT user_id, first_name FROM registration WHERE email='$ue' AND pass=SHA1('$p')";
我会收到错误消息:
The email address and password entered do not match those on file
如果我删除此类AND pass=SHA1('$p')
$q = "SELECT user_id, first_name FROM registration WHERE email='$ue'";
该脚本将我引导至应该登录的页面。
我一遍又一遍地注册脚本和登录功能脚本试图找到断开连接而我无法看到它。以下是我的注册脚本的摘录:
//Check for a password and match against the confirmed password:
if (!empty($_POST['pass1'])) {
if ($_POST['pass1'] != $_POST['pass2']) {
$errors[] = 'Your password did not match the confirmed password.';
}else{
$p = mysqli_real_escape_string($dbc, trim($_POST['pass1']));
}
}else{
$errors[] = 'You forgot to enter your password.';
}
//////////////////////////////////////////////////// password parameters
if( strlen($p) < 8 ) {
$errors[]= "Password too short! ";
}
if( strlen($p) > 15 ) {
$errors[]= "Password too long! ";
}
if( !preg_match("#[0-9]+#", $p) {
$errors[]= "Password must include at least one number! ";
}
if( !preg_match("#[a-z]+#", $p) ) {
$errors[]= "Password must include at least one letter! ";
}
if( !preg_match("#[A-Z]+#", $p) ) {
$errors[]= "Password must include at least one CAPS! ";
}
if( !preg_match("#\W+#", $p) ) {
$errors[]= "Password must include at least one symbol! ";
}
////////////////////////////////////////////////////
这是我的登录功能脚本代码:
function check_login($dbc, $email ='', $pass='') {
$errors = array(); // Initialize error array.
//validate email
if (empty($email)) {
$errors[]='You forgot to enter your email address.';
}else{
$ue = mysqli_real_escape_string($dbc, trim($email));
}
//validate password
if (empty($pass)) {
$errors[]='You forgot to enter your password.';
}else{
$p = mysqli_real_escape_string($dbc, trim($pass));
}
if (empty($errors)) { // if passed validation
//call to DB at beginning of login script
//retrieve user id and first name for that email/password combo
$q = "SELECT user_id, first_name FROM registration WHERE email='$ue' AND pass=SHA1('$p')";
$r = mysqli_query ($dbc, $q);
//check results
if (mysqli_num_rows($r) == 1) {
//fetch the record
$row = mysqli_fetch_array ($r, MYSQLI_ASSOC);
return array(true, $row);
}else{ // not a match
$errors[]= 'The email address and password entered do not match those on file';
}
} // End of empty ($errors) IF
//return false and the errors:
return array(false, $errors);
} //End of check_login() function
我尝试过每一种我能想到的调试技术,或者发现在互联网上搜索(并不意味着我没有错过任何东西)。我搜索了这个网站,没有看到我的问题的答案。我希望有人有答案,因为我真的不知道从哪里开始。我逐行浏览了这两个脚本。我错过了什么?
答案 0 :(得分:0)
我的天啊!我发现了我的问题,答案至少可以说是令人尴尬的。我想分享这个,这样可以节省其他时间的调试时间。我没有找到为什么我这样做的借口,但我已经为#34;&#34;设置了列宽。在20而不是SHA1所需的40个字符。我真的不喜欢摔倒在自己的剑上,但希望它会拯救别人的痛苦。