客户端验证无法使用MongoDB

时间:2018-04-03 12:10:54

标签: php html ajax mongodb

我已创建客户注册,客户数据存储在MongoDB中,但PHP代码($customer['password'] != $password)不起作用并保持打印“已成功登录!”即使文本字段为空。我错过了什么,但我无法弄清楚它是什么。如果有人能帮助我,我将不胜感激。

HTML 

<label class="sign_in_label">Your username is<br>
    <input id="username" type="text" name="username" placeholder="Username...">
</label>
<br>
<br>
<label class="sign_in_label">Your password is<br>
    <input id="password" type="password" name="password" placeholder="Password...">
</label>
<br>
<input class="log_in_button" onclick="signin()" type="button" value="SIGN IN">
<p id="error_messages"></p>

AJAX 

//Attempts to log in user to server
function signin() {
    var request = new XMLHttpRequest();
    //Create event handler that specifies what should happen when server responds
    request.onload = function() {
        //Check HTTP status code
        if(request.status === 200) {
            //Get data from server
            var responseData = request.responseText;
            document.getElementById("error_messages").innerHTML = request.responseText;
        }
        else
        alert("Error communicating with server: " + request.status);
    };
    //Set up and send request
    request.open("POST", "php/sign_in.php");
    request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    //Extract login data
    var logUsername = document.getElementById("username").value;
    var logPassword = document.getElementById("password").value;                
    request.send("username=" + logUsername + "&password=" + logPassword);
}

PHP 

<?php        
//Start session management
session_start();

//Get name and address strings
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);    

//Connect to MongoDB and select database
$mongoClient = new MongoClient();
$db = $mongoClient->ecommerce;

//Create a PHP array with our search criteria
$findCriteria = [
"username" => $username,
];

//Find all of the customers that match  this criteria
$cursor = $db->customers->find($findCriteria);

//Get customer    
$customer = $cursor->getNext();

//Check password
if ($customer['password'] != $password) {
echo 'Incorrect details. Try again.';
} 
else {    
//Start session for this user
$_SESSION['loggedInUser'] = $username; 
//Inform web page that login is successful
echo 'Successfully logged in!';
}

//Close the connection
$mongoClient->close();
?>

1 个答案:

答案 0 :(得分:0)

我已经弄清楚了!

<?php        
//Start session management
session_start();

//Get name and address strings - need to filter input to reduce chances of 
SQL injection etc.
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);    

//Connect to MongoDB and select database
$mongoClient = new MongoClient();
$db = $mongoClient->ecommerce;

//Create a PHP array with our search criteria
$findCriteria = [
    "username" => $username,
    "password" => $password
];

//Find all of the customers that match  this criteria
$cursor = $db->customers->find($findCriteria);

if ($cursor->count() > 0) { 
    //Inform web page that login is successful
    echo 'Successfully logged in!';
    //Start session for this user
    $_SESSION['loggedInUser'] = $username;
}
else if($cursor->count() > 1){
    echo 'Database error: Multiple customers have the same details.';
}
else {
    echo 'Incorrect details. Try again.';
}

//Close the connection
$mongoClient->close();
?>
相关问题
最新问题