MySQLi数据库不验证并返回正确的结果

时间:2017-01-27 10:02:47

标签: php database mysqli login return

我正在建立一个商店数据库,可以选择注册,登录和购买物品。 我采取的步骤是我注册为新用户。然后将详细信息发送到数据库,我可以清楚地看到它们。之后,我尝试使用新注册的详细信息登录,并在登录页面上弹出一个错误消息,指出电子邮件和密码不匹配。

我认为数据库没有返回正确的信息或阻止登录工具访问存在问题。

代码: 登录tools.php  ` 

  function load( $page ='login.php')
{ $url = 'http://' . $_SERVER[ 'HTTP_HOST'] . dirname( $_SERVER[ 'PHP_SELF']); 

     $url = rtrim( $url, '/\\');
     $url .= '/' . $page;

     header( "Location: $url");
     exit();  
}

function validate( $dbc, $email = '', $pwd = '')
{ $errors = array() ; 


 if ( empty( $email ) ) 
 { $errors[] = 'Enter your email address.' ; } 
  else  { $e = mysqli_real_escape_string( $dbc, trim( $email ) ) ; }


  if ( empty( $pwd ) ) 
       { $errors[] = 'Enter your password.' ; } 
      else { $p = mysqli_real_escape_string( $dbc, trim( $pwd ) ) ; }


    if ( empty( $errors ) ) 
  {
    $q = "SELECT id, first_name, last_name FROM users WHERE email='$e' AND       pass=SHA1('$p')" ;  
    $r = mysqli_query ( $dbc, $q ) ;
if ( @mysqli_num_rows( $r ) == 1 ) 
{
   $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;                                            return array( true, $row ) ; 
}

    else { $errors[] = 'Email address and password not found.' ; }
  }
             return array( false, $errors ) ; 
}

***Login Action:***      

if( $_SERVER[ 'REQUEST_METHOD' ] == 'POST')
  {
   require('E:\Xampp\xampp\htdocs\Michal\connect_db.php');
   require('login_tools.php');

   list ( $check, $data ) = validate ( $dbc, $_POST[ 'email' ], $_POST[ 'pass' ]    ) ;
   echo $check;
   echo 'TEST';

   if ( $check )
 {session_start();

 $_SESSION['id'] = $data[ 'id'];
 $_SESSION['first_name'] = $data[ 'first_name'];
 $_SESSION['last_name'] = $data['last_name'];

     load ( 'home.php');
     }
    else { $errors = $data;}

mysqli_close( $dbc);    
    }

include ( 'login.php');

***Login.php:***          

 <?php 

$page_title = 'Login' ;
include ( 'includes/header.html' ) ;


if ( isset( $errors ) && !empty( $errors ) )
    {
 echo '<p id="err_msg">Oops! There was a problem:<br>' ;
 foreach ( $errors as $msg ) { echo " - $msg<br>" ; }
 echo 'Please try again or <a href="register.php">Register</a></p>' ;
    }
        ?>

<h1>Login</h1>
<form action="login_action.php" method="POST">
<p>
Email Address: <input type="text" name="email">
Password: <input type="text" name="pass">
<p>
<input type="submit" value="Login">
 </p>
</p>
    <?php?>
</form>
</body>
</html>

***Register.php:*** 

   $page_title = 'Register' ;
   include ( 'includes/header.html' ) ;


if ( $_SERVER[ 'REQUEST_METHOD' ] == 'POST' )
    {

  require ('E:\Xampp\xampp\htdocs\Michal\connect_db.php'); 


      $errors = array();


  if ( empty( $_POST[ 'first_name' ] ) )
      { $errors[] = 'Enter your first name.' ; }
      else
      { $fn = mysqli_real_escape_string( $dbc, trim( $_POST[ 'first_name' ] ) ) ; }


       if (empty( $_POST[ 'last_name' ] ) )
          { $errors[] = 'Enter your last name.' ; }
      else
      { $ln = mysqli_real_escape_string( $dbc, trim( $_POST[ 'last_name' ] ) ) ; }


       if ( empty( $_POST[ 'email' ] ) )
          { $errors[] = 'Enter your email address.'; }
      else
      { $e = mysqli_real_escape_string( $dbc, trim( $_POST[ 'email' ] ) ) ; }


      if ( !empty($_POST[ 'pass1' ] ) )
      {
       if ( $_POST[ 'pass1' ] != $_POST[ 'pass2' ] )
           { $errors[] = 'Passwords do not match.' ; }
        else
       { $p = mysqli_real_escape_string( $dbc, trim( $_POST[ 'pass1' ] ) ) ; }
  }
    else { $errors[] = 'Enter your password.' ; }


           if ( empty( $errors ) )
      {
     $q = "SELECT id FROM users WHERE email='$e'" ;
    $r = mysqli_query ( $dbc, $q) ;

    if ( mysqli_num_rows( $r ) != 0 ) 
         {
                $errors[] = 'Email address already registered. <a     href="login.php">Login</a>' ;
    }
  }


          if ( empty( $errors ) ) 
       {
        $q = "INSERT INTO users (first_name, last_name, email, pass, reg_date)     VALUES ('$fn', '$ln', '$e', SHA1('$p'), NOW() )";
       $r = @mysqli_query ( $dbc, $q ) ;
        if ($r)
                 { echo '<h1>Registered!</h1><p>You are now registered.</p><p><a    href="login.php">Login</a></p>';     }


        mysqli_close($dbc); 


       include ('includes/footer.html'); 
    exit();
     }

         else 
           {
    echo '<h1>Error!</h1><p id="err_msg">The following error(s) occurred:<br>' ;
    foreach ( $errors as $msg )
        { echo " - $msg<br>" ; }
       echo 'Please try again.</p>';

        mysqli_close( $dbc );
 }  
        }
         ?>

        <h1>Register</h1>
    <form action="register.php" method="post">
    <p>First Name: <input type="text" name="first_name" size="20" value="<?php if         (isset($_POST['first_name'])) echo $_POST['first_name']; ?>"> 
     Last Name: <input type="text" name="last_name" size="20" value="<?php if       (isset($_POST['last_name'])) echo $_POST['last_name']; ?>"></p>
     <p>Email Address: <input type="text" name="email" size="50" value="<?php if      (isset($_POST['email'])) echo $_POST['email']; ?>"></p>
    <p>Password: <input type="password" name="pass1" size="20" value="<?php if      (isset($_POST['pass1'])) echo $_POST['pass1']; ?>" >
     Confirm Password: <input type="password" name="pass2" size="20" value="<?php      if (isset($_POST['pass2'])) echo $_POST['pass2']; ?>"></p>
 <p><input type="submit" value="Register"></p>
 </form>

        <?php 

    include ( 'includes/footer.html' ) ; 

    ?>

***connect_db.php:*** 

 $dbc = @mysqli_connect ( 'localhost', 'root', 'cake', 'users' )

OR die ( mysqli_connect_error() ) ;

 mysqli_set_charset( $dbc, 'utf8' ) ;

home.php: 

   <?php
       session_start();

        if(!isset($_SESSION['id']))
        {
        require('login_tools.php');
        load();
    }

         $page_title = 'Home';
             include('includes/header.html');

            echo "<h1>Home</h1>
              <P>You are now logged in_array{$_SESSION['first_name']}           {$_SESSION['last_name']}
            </P>";

            echo'<P>
        <a href ="forum.php">Forum</a> |
        <a href = "shop.php">SHOP </a> |
         <a href = "goodbye.php">Logout</a>
        </P>';

        include ('includes/footer.html');
      ?>

&#39;

感谢您的帮助。

1 个答案:

答案 0 :(得分:-1)

<?php

function load($page = 'login.php')
{
#Statements to be inserted here (steps 2-4)
$url = 'http://'.$_SERVER['localhost'].dirname($_SERVER['htdocs']);
$url = rtrim($url, '/\\');
$url .= '/'.$page;
header("Location: $url");
exit();
}
function validate($dbc, $email = ", $pwd = ")
{
#statement to be inserted here (steps 6-10)
$errors = array();
if (empty($email))
{
 $errors[] = 'Enter your email address.';
}
else
{
 $e = mysqli_real_escape_string($dbc, trim($email));
}
if(empty($pwd))
{
 $errors[] = 'Enter your password.';
}
else
{
 $p = mysqli_real_escape_string($dbc, trim($pwd));
}
if(empty($errors))
{
 $q = "SELECT user_id, first_name, last_name FROM users WHERE email = '$e'         
 AND pass = SHA1('$p')";
 $r = mysqli_query($dbc, $q);

 if(mysqli_num_rows($r)==1)
 {
  $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
  return array(true, $row);
 }
 else
 {
  $errors[] = 'Email address and password not found.';
 }
}
return array(false, $errors);
}

?>

任何人都可以建议改进此代码。

相关问题
最新问题