我在localhost上有一个数据库:
Name: login, Table:users
该表包括:
ID, EmailAddress, and Password.
我插入了一个用户进行测试。
我有一个简单的表格:
<?php
include('ConfigLogin.php');
?>
<!DOCTYPE html>
<html
<head>Welcome to the Gym Login System</head>
<body>
<div id="Form">
<form action="Other/ConnectLogIn.php" method = "post">
<p>
<label>Email:</label>
<input type="text" id="emailaddress" name ="emailaddress" placeholder="Email Address" maxlength="30"/>
</p>
<p>
<label>Password:</label>
<input type="password" id="pass" name="pass" placeholder="Password" maxlength="30"> />
</p>
<p>
<input type ="submit" id="submit" value ="submit" />
</p>
</form>
</div>
</body>
</html>
我有一个简单的连接:
<?php
$connection = mysqli_connect('localhost','root','','login') or die(mysqli_error($connection));
?>
但是我一直在学习一些教程,因为我正在学习一些PHP,但是我花了一整天的时间来处理它并且它没有沉入其中。我试图对所有内容进行分区并完成代码,但我真的可以使用帮助手。
Verification.php:
<?php
// First start a session. This should be right at the top of your login page.
session_start();
// Check to see if this run of the script was caused by our login submit button being clicked.
if (isset($_POST['submit'])) {
// Also check that our email address and password were passed along. If not, jump
// down to our error message about providing both pieces of information.
if (isset($_POST['emailaddress']) && isset($_POST['pass'])) {
$email = $_POST['emailaddress'];
$pass = $_POST['pass'];
// Connect to the database and select the user based on their provided email address.
// Be sure to retrieve their password and any other information you want to save for the user session.
$pdo = new Database();
$pdo->query("SELECT id, email, password, name, level FROM users WHERE email = :emailaddr");
$pdo->bind(':emailaddr', $email);
$row = $pdo->single();
// If the user record was found, compare the password on record to the one provided hashed as necessary.
// If successful, now set up session variables for the user and store a flag to say they are authorized.
// These values follow the user around the site and will be tested on each page.
if (($row !== false) && ($pdo->rowCount() > 0)) {
if ($row['password'] == hash('sha256', $pass)) {
// is_auth is important here because we will test this to make sure they can view other pages
// that are needing credentials.
$_SESSION['is_auth'] = true;
$_SESSION['user_level'] = $row['level'];
$_SESSION['user_id'] = $row['id'];
$_SESSION['name'] = $row['name'];
// Once the sessions variables have been set, redirect them to the landing page / home page.
header('location: home.php');
exit;
}
else {
$error = "Invalid email or password. Please try again.";
}
}
else {
$error = "Invalid email or password. Please try again.";
}
}
else {
$error = "Please enter an email and password to login.";
}
}
?>
我需要能够从数据库中输入电子邮件和密码(在本文开头),然后确认它是否有效。我已经花了很多年,所以除非我真的需要帮助,否则我不会问。