这是使用PDO的验证表单,数据库代码显示与我的数据库的连接正确运行。
<?php
$servername = "localhost";
$username = "root";
$password = "";
try {
$con = new PDO("mysql:host=$servername;dbname=filesystem", $username, $password);
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
?>
现在我根据正确的用户名和密码从数据库验证后建立连接打开页面,这是代码
if(isset($_POST['submit']))
{
$user=!empty($_POST['user']) ? trim($_POST['user']) :null ;
$password=!empty($_POST['password']) ? trim($_POST['password']) :null;
$sql="select * from users where user='$user' and password='$password'";
if($stmt=$con->query( $sql))
{
if($stmt->fetchColumn()>0)
{
$row=$stmt->fetch(PDO::FETCH_ASSOC);
$u_name=$row['user'];
$u_password=$row['password'];
if($user==$u_name && $password==$u_password)
{
if(isset($_POST['remember']))
{
setcookie('user',$user,time()+60*60*7);
setcookie('password',$password,time()+60*60*7);
}
session_start();
$_SESSION['user']=$user;
echo "<script> window.location.assign('../index.php'); </script>";
exit();
} else {
echo "nothing";
}
} else {
echo"<script>alert('incorrect user name or password')</script>";
echo "<script> window.location.assign('login.php'); </script>";
}
}
}
现在,当输入凭证正确时,为什么这仍然在else{echo "nothing";}继续。请帮帮我。
答案 0 :(得分:0)
如上所述,您最好将密码列从AES_ENCRYPT更改为varchar(255),然后删除数据库上的用户并开始使用php password_hash()注册用户,然后在登录时验证存储哈希与password_verify()
这是你将在注册页面上做的事情
<?php
$user = isset($_POST['user']) ? $_POST['user'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
//hash the password
$hash = password_hash($password, PASSWORD_DEFAULT);
$insert = $con->prepare("INSERT INTO users (user,password) VALUES(?,?)")->execute(array($user,$password));
if ($insert) {
echo "User registered success";
} else {
//user not registered handle errors
}
?>
然后登录
<?php
$user = !empty($_POST['user']) ? trim($_POST['user']) : null;
$password = !empty($_POST['password']) ? $_POST['password'] : null;
$sql = "SELECT * FROM users WHERE user = ? LIMIT 1";
$stmt = $con->prepare($sql);
$stmt->bindParam(1, $user, PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch();
if ($row && password_verify($password, $row['password'])) { //verify pass
if (isset($_POST['remember'])) {
setcookie('user', $user, time() + 60 * 60 * 7);
setcookie('password', $password, time() + 60 * 60 * 7);
}
$_SESSION['user'] = $user;
header("location:../index.php");
exit();
} else {
echo "incorrect user name or password";
header("location:login.php");
exit();
}
?>
**
注意:使用passwod_hash()验证密码存储区时,请不要使用任何密码存储区 清洁机制
**