在登录系统中执行OOP样式

时间:2016-05-09 17:41:53

标签: php oop

我知道我的问题对任何人都很容易。刚刚学习这个PHP差不多一个月了。我尝试使用OOP样式执行我的登录系统。我需要以默认用户身份登录,其中用户名和密码为admin。当我尝试登录时,说没有找到对象。

Object not found!

所以这里是我的代码。

表: 

CREATE TABLE loginmodule
(
loginId INT PRIMARY KEY AUTO_INCREMENT,
loginUsername VARCHAR(50),
loginPassword VARCHAR(50)
)

这是我的登录脚本。

loginMe.php 

<?php
require_once('../connection/connection.php');
require_once('../connection/loginCRUD.php');
require_once('../process/createProcess.php');
?>


<!doctype html>
<html>
<head>
   <title>Login Frame</title>
</head>
<body>
     <div id = "container">
     <h1>Login</h1>
     <form action = "post" action = "../process/createProcess.php">

    <div class = "form-field">
        <input type = "text" id = "username" name = "loginUsername" placeholder = "Enter Username">
    </div>

    <div class = "form-field">
        <input type = "password" id = "password" name = "loginPassword" placeholder = "Enter Password">
    </div>

    <div class = "form-field">
        <input type = "submit" id = "submit" name = "submit" value = "Login">
    </div>
    </form>
    </div><!--- end container --->
   </body>
   </html>

所以我将我的CRUD放在另一个文件中。 的 loginCRUD.php 

<?php
error_reporting(0);
class CRUD
{
 public function readLogin($dbusername,$dbpassword)
 {
    global $myDatabase;
    $result = $myDatabase->query("SELECT * FROM loginmodule WHERE loginUsername = '$dbusername' AND loginPassword = '$dbpassword'");

    if($result->num_rows > 0)
    {
        $row = $result->fetch_assoc();
        return $row;
    }
}
}
?>

最后我将我的进程放在哪里进行验证。  的 createProcess.php 

<?php

require_once('../connection/connection.php');
require_once('../connection/loginCRUD.php');

session_start();

$dbusername = $_POST['loginUsername']; //Get the value from textfield.
$dbpassword = $_POST['loginPassword'];

if(!empty($dbusername) && !empty($dbpassword))
{
    if($loginUsername == $dbusername && $loginPassword == $dbpassword)
    {
        $create = loginCRUD::readLogin($dbusername,$dbusername);
        echo "You are logged in!";
        @$_SESSION['loginUsername'] = $loginUsername;
    }
}

?>

指导我,如果我错过了什么。如果有快捷方式,请告诉我:)

1 个答案:

答案 0 :(得分:3)

您的代码中存在多个错误,例如:

  • form代码中有两个操作属性。

    <form action = "post" action = "../process/createProcess.php">
        ^                ^

    应该是,

    <form method="post" action="../process/createProcess.php">

  • createProcess.php 页面上,查看以下行,

    1) if($loginUsername == $dbusername && $loginPassword == $dbpassword)
            ^                                 ^

    没有名为$loginUsername$loginPassword

    的变量 
    2) $create = loginCRUD::readLogin($dbusername,$dbusername);
                                       ^            ^ 
                                 both the arguments are same

    你以错误的方式调用readLogin()方法。您应该首先创建一个类CRUD的实例,然后像这样调用它的实例方法readLogin()

       (new CRUD)->readLogin($dbusername,$dbpassword);

3) $_SESSION['loginUsername'] = $loginUsername;

    正如我所说,没有名为$loginUsername的变量。它应该是,

    $_SESSION['loginUsername'] = $dbusername;

  • 总是在PHP脚本的最顶端开始会话,就在打开PHP标记之后,就像这样:

    <?php 
    session_start();
    // your code

  • 您的查询容易受到SQL注入的影响。使用mysqli的预准备语句来防止任何类型的SQL注入。 And this is how you can prevent SQL injection in PHP

  • 永远不要将密码存储为简单易读的文本,在将密码插入表格之前,请始终对原始密码执行salted password hashing

  • 建议:请勿在代码中使用globalWhy Globals are evil?

所以你的代码应该是这样的:

CRUD课程: 

class CRUD{
    public function readLogin($dbusername,$dbpassword){
        global $myDatabase;
        $statement = $myDatabase->prepare("SELECT * FROM loginmodule WHERE loginUsername = ? AND loginPassword = ? LIMIT 1");
        $statement->bind_param("ss", $dbusername, $dbpassword);
        if($statement->execute()){
            $result = $statement->get_result();
            if($result->num_rows){
                $row = $result->fetch_assoc();
                return $row;
            }else{
                return false;
            }
        }else{
            return false;
        }
    }
}

<强> createProcess.php 

if(isset($_POST['submit'])){
    $dbusername = $_POST['loginUsername'];
    $dbpassword = $_POST['loginPassword'];

    if(!empty($dbusername) && !empty($dbpassword)){
        if((new CRUD)->readLogin($dbusername,$dbpassword)){
            echo "You are logged in!";
            $_SESSION['loginUsername'] = $dbusername;

            // redirect the user to the home page
        }else{
            echo "Incorrect username and/or password";
        }
    }
}

<强> HTML 

<div id = "container">
    <h1>Login</h1>
    <form method = "post" action = "../process/createProcess.php">
        <div class = "form-field">
            <input type = "text" id = "username" name = "loginUsername" placeholder = "Enter Username">
        </div>

        <div class = "form-field">
            <input type = "password" id = "password" name = "loginPassword" placeholder = "Enter Password">
        </div>

        <div class = "form-field">
            <input type = "submit" id = "submit" name = "submit" value = "Login">
        </div>
    </form>
</div>
相关问题
最新问题