PHP中的表单验证问题

时间:2018-05-31 17:13:17

标签: php mysql sql

我目前有一个登录页面,其中包含以下用于登录的PHP代码。登录工作正常但是如果我输入了错误的密码,或者即使我没有填写用户名或密码字段,它也会输出错误if(isset($_POST['doLogin'])){ $username = $_POST['login-username']; $password = $_POST['login-password']; if(empty($username) || empty($password)){ $error = error("Please enter all fields"); } /// Main Checks Against the Inputs $SQLCheckLoginn = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username"); $SQLCheckLoginn -> execute(array(':username' => $username)); $countLoginn = $SQLCheckLoginn -> fetchColumn(0); if ($countLoginn < 1){ $SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')"); $SQL -> execute(array(':username' => $username." - does not exist",':ip' => $ip)); $error = error("The username does not exist in our system."); } $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password"); $SQLCheckLogin -> execute(array(':username' => $username, ':password' => SHA1($password))); $countLogin = $SQLCheckLogin -> fetchColumn(0); if (!($countLogin == 1)){ $SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')"); $SQL -> execute(array(':username' => $username." - failed login",':ip' => $ip)); $error = error('The password you entered is invalid.'); } $SQL = $odb -> prepare("SELECT `status` FROM `users` WHERE `username` = :username"); $SQL -> execute(array(':username' => $username)); $status = $SQL -> fetchColumn(0); if ($status == 1){ $SQL = $odb -> prepare("SELECT `reason` FROM `bans` WHERE `username` = :username"); $SQL -> execute(array(':username' => $username)); $ban = $SQL -> fetchColumn(0); if(empty($ban)){ $ban = "No reason given."; } $error = error('You are banned. Reason: '.htmlspecialchars($ban)); } $SQL = $odb -> prepare("SELECT `email_active` FROM `users` WHERE `username` = :username"); $SQL -> execute(array(':username' => $username)); $fetch = $SQL -> fetchColumn(0); if ($fetch == "0"){ $error = error('Account not confirmed. Please contact support.'); } // Check if 2auth enabled if(empty($error)){ $SQL = $odb -> prepare("SELECT * FROM `users` WHERE `username` = :username"); $SQL -> execute(array(':username' => $username)); $userInfo = $SQL -> fetch(); $ipcountry = json_decode(file_get_contents("https://www.geoplugin.net/json.gp?ip=".$ip)) -> {'geoplugin_countryName'}; if (empty($ipcountry)) {$ipcountry = 'XX';} $SQL = $odb -> prepare('INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), :ipcountry)'); $SQL -> execute(array(':ip' => $ip, ':username' => $username, ':ipcountry' => $ipcountry)); $_SESSION['username'] = $userInfo['username']; $_SESSION['ID'] = $userInfo['ID']; $_SESSION['email'] = $userInfo['email']; setcookie("username", $userInfo['username'], time() + 720000); header('Location: dashboard'); } } 我真的不明白为什么这是... 

<?xml version="1.0" encoding="UTF-8"?>
<Records>
    <Record>
        <username>jjohnson</username>
        <firstName>John</firstName>
        <lastName>johnson</lastName>
        <email>john@someurl.com</email>
    </Record>
    <Record>
        <username>bsimmons</username>
        <firstName>ben</firstName>
        <lastName>simmons</lastName>
        <email>ben@someurl.com</email>
    </Record>
    ...etc
</Records>

1 个答案:

答案 0 :(得分:0)

如果发现错误,您不会中断,因此即使用户名不存在,您仍然会检查密码等。

现在你来到if ($fetch == "0")点 - 我认为$fetch相当于false。请注意,PHP没有类型。 “0”也被解释为false,因此if ($fetch == "0")为真。

  

转换为布尔值时,以下值被视为FALSE:

     

布尔值FALSE本身

     

整数0(零)

     

浮点数0.0(零)

     

空字符串和字符串“0”

     

零元素的数组

     

特殊类型NULL(包括未设置的变量)

     

从空标签创建的SimpleXML对象

参考:http://php.net/manual/en/language.types.boolean.php

相关问题
最新问题