无法使用php从mongodb验证用户名和密码

时间:2016-04-20 09:27:35

标签: php angularjs mongodb

enter image description here我想验证来自mongodb的用户名和密码。如果用户名&密码与我的PHP代码匹配,它应该提前到管理页面。 角度验证适用于用户名和密码,但没有mongodb db。 你能告诉我哪里弄错了吗?

的index.php 

 <?php 
 include('login.php'); // Includes Login Script
 ?> 
 <!doctype html>
 <html>
 <head>
 <meta charset="utf-8">
 <title>LoginIN</title>
 <script src="http://code.jquery.com/jquery-1.9.1.js"></script>
 <script type="text/javascript" src="js/angular.min.js"></script>
 <link href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css" rel="stylesheet">

  <link href="styles/bootstrap.min.css" rel="stylesheet">
  <link href="styles/signin.css" rel="stylesheet">
  <script src="js/app.js"></script> 


 </head> 
 <body ng-app="postAngular" ng-controller="PostController as postCtrl">

 <div id="wrapper">
  <header id="top">
  <center><h1>Leave Reporting System</h1></center>
    <div class="container">

  <form class="form-signin" ng-submit="postCtrl.postForm()">
   <ul>
  <?php if(isset($errorMessage)):?>

   <?php endif ?>

   <h2 class="form-signin-heading">Please sign in</h2>

    <input type="text" name="username" class="form-control" placeholder="Email address" ng-model="postCtrl.inputData.username" required >


     <input type="password" name="password" class="form-control" placeholder="Password" required ng-model="postCtrl.inputData.password">

      <div class="checkbox">
     <label>
     <input type="checkbox" value="remember" name ="remember">Remember me
     </label><br>
     </div>

   <div  role="alert" ng-show="errorMsg">{{errorMsg}}</div>
    <input name="login" button class="btn btn-lg btn-primary btn-block"  type ="submit" value=" Log in">

       <br>
       <a href="">Forgot your password?</a> 
     </ul>
 </form>

    </div>
  </body>
   </html>

的login.php 

<?php

$errorMessage ="";
//session_start();

if(isset($_POST['login'])){
  $usr = $_POST['username']; 
  $pass = $_POST['password'];

  $conn = new MongoClient();

  $db = $conn->lrs;
  $col = $db->Login;

  $query = array(
    'username' => $usr,
    'password' => md5($pass)
  );

  $cursor = $col->findOne($query);

  foreach($cursor as $obj){
    $foundusr = $obj['username'];
    $foundpass = $obj['password'];

    if($obj['username']== $usr && $obj['password']= $pass){
      header('location: admin.php');
    } else {
      $errorMessage = "<h3>Username/password did not match.</h3>";
    }
  }

}

?>

1 个答案:

答案 0 :(得分:0)

下面:

$query = array(
  'username' => $usr,
  'password' => md5($pass)
);

您正在使用md5查询密码,但是您将以纯文本格式存储它!

md5也不是存储密码的好安全哈希。 从PHP 5.5开始,您应该使用密码_hash():http://php.net/manual/en/function.password-hash.php

相关问题
最新问题