我的代码中没有给我任何错误,但是当我尝试登录时,我总是得到无效的登录详细信息。这可能是因为代码写错了。我有密码哈希,所以我必须使用这段代码,
<title>Logging you in... | Project Club</title>
<?php
if (session_status() == PHP_SESSION_NONE){
session_start();
}
$servername = "censored";
$serverusername = "censored";
$serverpassword = "censored";
$serverdbname = "censored";
$usernamemail = $_POST['usernamemail'];
$password = $_POST['password'];
$conn = new mysqli($servername, $serverusername, $serverpassword, $serverdbname);
if (isset($_POST['username']) and isset($_POST['password'])){
$sql = "SELECT * FROM login WHERE username='$usernamemail' OR email='$usernamemail'";
$result = mysqli_query($conn, $sql);
if ($row = mysqli_fetch_assoc($result)){
$hashpwdcheck = password_verify($password, $row['password']);
echo $hashpwdcheck;
if ($hashpwdcheck == true){
$backbtn = "<input type='button' value='Go Back' onclick='window.history.back()' /><style>input{padding:16px 32px;text-align:center;text-decoration:none;display:inline-block;font-size:16px;margin:4px 2px;transition-duration:0.4s;background-color:white;color:black;border:2px solid #f44336;}input:hover{background-color:#f44336;color:white;}html{margin:auto;width:60%;background-color:#d3d3d3;}p{color:black;}</style>";
$_SESSION['username'] = $row['username'];
echo "<p>You are successfully logged in.</p>" . $backbtn . "";
} else {
echo "<p>Invalid Login Credentials.</p>" . $backbtn . "";
}
}
mysqli_close($conn);
} else {
echo "<p>Invalid Login Credentials.</p><input type='button' value='Go Back' onclick='window.history.back()' /><style>input{padding:16px 32px;text-align:center;text-decoration:none;display:inline-block;font-size:16px;margin:4px 2px;transition-duration:0.4s;background-color:white;color:black;border:2px solid #f44336;}input:hover{background-color:#f44336;color:white;}html{margin:auto;width:60%;background-color:#d3d3d3;}p{color:black;}</style>";
}
?>
这是我用于我的网站的注册脚本。此代码基本上将所有内容放入数据库,并向用户发送电子邮件并发送SMS文本。
<title>Creating your Account... | Project Club</title>
<?php
//start session
if (session_status() == PHP_SESSION_NONE){session_start();}
//set variables
$errvalidating = 0;
$servername = "censored";
$serverusername = "censored";
$serverpassword = "censored";
$serverdbname = "censored";
$usernamesign = $_POST['username'];
$emailsign = $_POST['email'];
$phonesign = $_POST['phone'];
$passwordsign = $_POST['psw'];
$ipsign = $_SERVER['REMOTE_ADDR'];
$datesign = date('F jS Y h:i:s A');
$phoneverifsign = rand(111111, 999999);
$accdeletecode = rand(1111111111, 2147483647);
$emailverifsign1 = rand(1111111111, 2147483647);$emailverifsign2 = rand(1111111111, 2147483647);$emailverifsign3 = rand(1111111111, 2147483647);$emailverifsign4 = rand(1111111111, 2147483647);$emailverifsign5 = rand(1111111111, 2147483647);$emailverifsign6 = rand(1111111111, 2147483647);$emailverifsign7 = rand(1111111111, 2147483647);$emailverifsign8 = rand(1111111111, 2147483647);$emailverifsign9 = rand(1111111111, 2147483647);$emailverifsign10 = rand(1111111111, 2147483647);$emailverifsign = $emailverifsign1 . $emailverifsign2 . $emailverifsign3 . $emailverifsign4 . $emailverifsign5 . $emailverifsign6 . $emailverifsign7 . $emailverifsign8 . $emailverifsign9 . $emailverifsign10;
$hashedpwd = password_hash($passwordsign, PASSWORD_DEFAULT);
$hashedphoneverif = password_hash($phoneverifsign, PASSWORD_DEFAULT);
$hashedaccdelete = password_hash($accdeletecode, PASSWORD_DEFAULT);
$hashedemailverif = password_hash($emailverifsign, PASSWORD_DEFAULT);
//note: make session variable for login (see https://www.w3schools.com/php/php_sessions.asp)
//start session
$conn = new mysqli($servername, $serverusername, $serverpassword, $serverdbname);
//sms gateway domains
$verizonwireless = "vtext.com";
$virginmobile = "vmobl.com";
$altel = "sms.alltelwireless.com";
$att = "txt.att.net";
//detect
if ($_POST['psw'] !== $_POST['psw-repeat']){echo "Your passwords do not match.<br>";$errvalidating = 1;}
if ($_POST['email'] !== $_POST['email-repeat']){echo "Your emails do not match.<br>";$errvalidating = 1;}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {echo "Your email is not valid.<br>";$errvalidating = 1;}
if (strlen($_POST['username']) < 6){echo "Your username is less than 6 characters.<br>";$errvalidating = 1;}
if (strlen($_POST['username']) > 16){echo "Your username is more than 16 characters.<br>";$errvalidating = 1;}
if (strlen($_POST['psw']) < 6){echo "Your password is less than 6 characters.<br>";$errvalidating = 1;}
if (strlen($_POST['psw']) > 16){echo "Your password is more than 16 characters.<br>";$errvalidating = 1;}
if (!preg_match("/^[a-zA-Z ]*$/",$_POST['name'])) {echo "Only letters and white space allowed in your name.<br>";$errvalidating = 1;}
$resultusernamecheck = $conn->query("SELECT id FROM login WHERE username = '$usernamesign'");if($resultusernamecheck->num_rows == 0) {}else{echo "Sorry, but this username is taken.<br>";$errvalidating = 1;}
$resultemailcheck = $conn->query("SELECT id FROM login WHERE email = '$emailsign'");if($resultemailcheck->num_rows == 0) {}else{echo "Sorry, but this email is taken.<br>";$errvalidating = 1;}
$resultphonecheck = $conn->query("SELECT id FROM login WHERE phone = '$phonesign'");if($resultemailcheck->num_rows == 0) {}else{echo "Sorry, but this phone number is taken.<br>";$errvalidating = 1;}
if (strlen($_POST['phone']) != 10){echo "Your phone number is not 10 characters.<br>";$errvalidating = 1;}
if($errvalidating = 1){echo "<script>setTimeout(function(){window.history.back()}, 3000);</script>You will be redirected in a few seconds.";exit(0);}
//Connect
$sql = "INSERT INTO login (id, username, email, phone, password, ip, date, status, profilepicturelink, phoneverifcode, phoneverified, emailverifcode, emailverified, userlevel, accdeletecode) VALUES ('', '$usernamesign', '$emailsign', '$phonesign', '$hashedpwd', '$ipsign', '$datesign', 'NO', 'https://4424club.xyz/files/images/user.png', '$hashedphoneverif', 'NO', '$hashedemailverif', 'NO', 'member', '$hashedaccdelete')";
if (mysqli_query($conn, $sql)) {
echo "Your account has been successfully created. Please confirm your email and phone number. You will be redirected in a few seconds.";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
//phone
$phoneto = "$phonesign@$att";
$phonefrom = "support@4424cub.xyz";
$phonemessage = "Congradulations! You successfully created an account on Project Club.\nYour phone verification code is $phoneverifsign. Have fun!";
$phoneheaders = "From: Project Club Phone Verification";
mail($phoneto, '', $phonemessage, $phoneheaders);
//email
$subject = $usernamesign . ", Confirm your Email | Project Club";
$from = 'noreply@4424club.xyz';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.$from."\r\n";
$emailmessage = <<<EOL
<h1 style="color:red;text-align:center;">Hi, $usernamesign</h1>
<p style="color:blue;text-align:center;">You used this email to create an account at Project Club.</p>
<p style="color:blue;text-align:center;">If this was not you, please ignore this email and move on.</p>
<p style="color:blue;text-align:center;">If this was you, click the button below to verify your account.</p>
<form action="https://4424club.xyz.412quack.com/EN/confirm-email" method="post">
<input type="text" name="username" value="$usernamesign" type="hidden" style="display:none;">
<input type="text" name="code" value="$emailverifsign" type="hidden" style="display:none;">
<input style="text-align:center;text-decoration:none;display:block;font-size:16px;background-color:red;color:white;border:2px solid #f44336;margin-left:auto;margin-right:auto;" type="submit" value="Verify My Email">
</form>
<p style="color:blue;text-align:center;">Enjoy your stay at Project Club!</p>
EOL;
mail($emailsign,$subject,$emailmessage,$headers);
echo "<script>setTimeout(function(){window.history.back()}, 5000);</script>";
mysqli_close($conn);
?>
答案 0 :(得分:-1)
修改
尝试更改此
if (!empty($_POST['username']) && !empty($_POST['password'])) {
到这个
if (!empty($_POST['usernamemail']) && !empty($_POST['password'])) {