我一直在尝试让这个脚本转到db并获取数据,然后登录等......
我的php版本是5.6。我已将代码包含在索引页面[表单所在的位置]和有问题的脚本中。
登录表单代码:
<form class="form" action="php-process/main_login-check.php" method="post">
<input type="text" placeholder="Username" name='username' id='username' maxlength="50" >
<input type="password" placeholder="Password" name="password" id="password">
<button type="submit" id="login" name="login">Go</button>
<button type="reset" id="reg-button"
onclick="MM_openBrWindow('app/register.php','Register @ MySite.com','scrollbars=no,width=500,height=500');javascript:RegProcess();">
Register</button>
</form>
处理脚本[main_login-check.php]
<?php
/*** begin our session ***/
session_start();
/*** check if the users is already logged in ***/
if(isset( $_SESSION['id'] ))
{
$message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['username'], $_POST['password']))
{
$message = 'Please enter a valid username and password';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['username']) > 20 || strlen($_POST['username']) < 4)
{
$message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['password']) > 20 || strlen($_POST['password']) < 4)
{
$message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
$message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
$message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$phpro_username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$phpro_password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$phpro_password = sha1( $phpro_password );
/*** connect to database ***/
/*** mysql hostname ***/
$mysql_hostname = 'localhost';
/*** mysql username ***/
$mysql_username = 'root';
/*** mysql password ***/
$mysql_password = 'ThePass';
/*** database name ***/
$mysql_dbname = 'login_main';
try
{
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
/*** $message = a message saying we have connected ***/
/*** set the error mode to excptions ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the select statement ***/
$stmt = $dbh->prepare("SELECT id, username, password FROM user
WHERE username = :username AND password = :password");
/*** bind the parameters ***/
$stmt->bindParam(':username', $phpro_username, PDO::PARAM_STR);
$stmt->bindParam(':password', $phpro_password, PDO::PARAM_STR, 40);
/*** execute the prepared statement ***/
$stmt->execute();
/*** check for a result ***/
$user_id = $stmt->fetchColumn();
/*** if we have no result then fail boat ***/
if($user_id == false)
{
$message = 'Login Failed';
}
/*** if we do have a result, all is well ***/
else
{
/*** set the session user_id variable ***/
$_SESSION['id'] = $user_id;
/*** tell the user we are logged in ***/
$message = 'You are now logged in';
}
}
catch(Exception $e)
{
/*** if we are here, something has gone wrong with the database ***/
$message = 'We are unable to process your request. Please try again later';
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<p><?php echo $message; ?>
</body>
错误标记工作正常,但数据库连接正常。但无论我是否使用数据库中的现有记录进行登录,我仍然会收到错误“登录失败”。
提前致谢。
答案 0 :(得分:0)
已解决 - 感谢您的所有意见,感谢您的帮助。问题很简单,我用纯文本存储密码,并在SHA1中要求它,而不是那里。我现在只需在注册表单中将密码发送到数据库之前加密密码就解决了。为Engin欢呼喝彩! :)