请协助我,我是php初学者,我正在尝试构建一个具有注册页面和登录页面的系统,但是现在我的登录页面存在问题,它仅接受静态密码“ password” 。我不知道为什么,我做错了什么?我还将我的注册脚本添加到了登录脚本下方。
login.php
<?php
session_start();
include("config.php");
$msg = "";
if(isset($_POST['login'])){
$email = $conn->real_escape_string($_POST['email']);
$password = $conn->real_escape_string($_POST['password']);
if($email == "" || $password == "")
$msg = "Email and Password are both required!";
else{
$sql = $conn->query ("SELECT user_id, password, is_active FROM users WHERE email = '$email'");
if($sql->num_rows > 0){
$data = $sql->fetch_array();
if('password' == $password){
if($data['is_active'] == 0)
$msg = "Please Verify Your Email!";
else{
$_SESSION['user_id'] = $user_id;
$_SESSION['name'] = $f_name;
header('Location: home.php');
//$msg = "Your are logged in";
}
}else
$msg = "Incorrect email and password combination";
}
}
}
?>
Create.php
<?php
include("config.php");
// use PHPMailer\PHPMailer\PHPMailer;
// use PHPMailer\PHPMailer\Exception;
//
// include_once "PHPMailer\PHPMailer.php";
// include_once "PHPMailer\Exception.php";
// include 'PHPMailer\SMTP.php';
global $error1, $error2, $error3, $error4, $error5, $error6, $msgSuccess;
global $info, $fail;
$user_name = $user_surname = $user_phone = $user_email = $user_password = "";
//$date_time = date('Y/m/d');
if(isset($_POST['submit'])){
$f_name = $_POST['f_name'];
$surname = $_POST['surname'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$password = $_POST['password'];
$sql_query = mysqli_query($conn, "SELECT * FROM users WHERE email = '{$email}'");
$count = mysqli_num_rows($sql_query);
if(!empty($f_name) && !empty($surname) && !empty($phone) && !empty($email) && !empty($password)){
if($count > 0){
$error1 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>User with Email Already Exist.
</div>'";
} else{
$user_name = mysqli_real_escape_string($conn, $f_name);
$user_surname = mysqli_real_escape_string($conn, $surname);
$user_phone = mysqli_real_escape_string($conn, $phone);
$user_email = mysqli_real_escape_string($conn, $email);
$user_password = mysqli_real_escape_string($conn, $password);
if(!filter_var($user_email, FILTER_VALIDATE_EMAIL)){
$error2 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Email is Invalid.
</div>";
}
if(!preg_match("/^[a-zA-Z]*$/", $user_name)){
$error3 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a> Only Letter Allowed for Firstname.
</div>";
}
if(!preg_match("/^[a-zA-Z]*$/", $user_surname)){
$error4 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Only Letter Allowed for Lastname.
</div>";
}
if(!filter_var($user_phone, FILTER_SANITIZE_NUMBER_INT)){
$error5 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Only numbers Allowed for phone number.
</div>";
}
if((preg_match("/^[a-zA-Z]*$/", $user_name)) && (preg_match("/^[a-zA-Z]*$/", $user_surname))
&& (filter_var($user_phone, FILTER_SANITIZE_NUMBER_INT))
&& (filter_var($user_email, FILTER_VALIDATE_EMAIL))){
$activation_key = md5(rand().time());
$password = password_hash($password, PASSWORD_BCRYPT);
$sql = "INSERT INTO users (f_name, surname, phone, email, password,
activation_key, is_active, date_time)
VALUES('{$f_name}', '{$surname}', '{$phone}', '{$email}', '{$password}', '{$activation_key}', '0', now())";
$query = mysqli_query($conn, $sql);
// $mail = new PHPMailer();
//
// $mail->isSMTP();
// $mail->SMTPDebug = 2;
// $mail->Host='smtp.gmail.com';
// $mail->Port=587;
// $mail->SMTPAuth=true;
// $mail->SMTPSecure='tls';
// $mail->Username='****************';
// $mail->Password='**************';
//
// $mail->setFrom('********@gmail.com');
// $mail->addAddress($_POST['email']);
// $mail->Subject = "Please Verify Email!";
// $mail->isHTML(true);
// $mail->Body = "
// Please Click on the link below:<br/>
//
// <a href='localhost/catch.a.ride/confirm.php?email=$email&activation_key=$activation_key'>Click Here</a>";
//
// if($mail->send())
// $msg = "You have been registerd, please verify your email!";
// else
// $msg = "Failed to register! please try again later"; // .$mail->ErrorInfo;
}
}
}else{
if(empty($f_name)){
$error3 ="<div class='alert alert-danger'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a> First name field can not be empty.
</div>";
}elseif (empty($surname)){
$error4 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Last name field can not be empty.
</div>";
}elseif (empty($phone)){
$error5 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a> Phone number field can not be empty.
</div>";
}elseif (empty($email)){
$error2 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Email field can not be empty.
</div>";
}elseif (empty($password)){
$error6 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Password field can not be empty.
</div>";
}else {
$msgSuccess = "<div class='alert alert-success'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a> Added suucessfully, please follow the link xxxxx for activation.
</div>";
}
}
}
?>
答案 0 :(得分:1)
应该为if(data['password'] == $password)
您从数据库中获取信息,但检查不正确。也可以考虑使用密码哈希使这些密码更安全。通常,绑定您的参数。希望这会有所帮助
答案 1 :(得分:1)
在$data = $sql->fetch_array();之后,数据$data将是一个数组。
在if('password' == $password)条件下,应像这样$data['password']添加'password'。