如何在PHP中从MySQL执行登录验证?

时间:2019-04-18 04:23:52

标签: php mysql

声明

我想做一个简单的登录验证,条件是用户名和密码与MySQL服务器中名为admin的表相匹配

到目前为止我尝试过的事情

在以下代码中,login_check.php中有未定义的索引

$uname = mysqli_real_escape_string($conn,$_POST['username'] );

$pass = mysqli_real_escape_string($conn,$_POST['password'] );

login.php (front.php =主页)

<form method="post" action="login_check.php">
        <input type="text" name="username" placeholder="Username" required>
        <span class="error"><?php echo $uname_error; ?></span>
        <input type="password" name="password" placeholder="Password" required>
        <span class="error"><?php echo $pass_error; ?></span>
        <button type="submit" name="Log In" value="Log In">Log In</button> <!--Go to front.php if both username and password are correct.-->
</form>

login_check.php 

<?php

    //Establish connection
    include 'connection.php';

    $uname_error = $pass_error ="";

    $uname = mysqli_real_escape_string($conn,$_POST['username'] );
    $pass = mysqli_real_escape_string($conn,$_POST['password'] );
    $sql = "SELECT admin_username,admin_password FROM admins";

    if(isset($_POST['Log In']))
    {
         //Check Username
         if($uname == "username")
         {
                   //Check Password
                   if($pass == "password")
                   {
                   header("location:front.php"); //If username & password are correct -> log in to front.php.
                   }
                   else //$pass != "password"
                   {
                       $pass_error = "Invalid Password.";
                   }
         }
         else //$uname != "username"
         {
              $uname_error = "Invalid Username.";
         }
    }
    mysqli_close($conn);
?>

编辑1:login.php已修复。

4 个答案:

答案 0 :(得分:1)

您的表单的操作为front.php,验证代码位于log_check.php

验证代码将不会执行,因为提交后,表单将重定向到front.php

您可以(重定向)设置表单的操作login_check.php,验证将适用。

此外,重定向将顺利进行。

因此,有2个更改:

1)删除/评论<?php require 'login_check.php'; ?>

2)更改表单操作自

<form method="post" action="front.php">

收件人

<form method="post" action="login_check.php">

答案 1 :(得分:1)

在您的HTML中-

<?php require 'login_check.php'; ?>
<form method="post" action="front.php">
        <input type="text" name="username" value="username" placeholder="Username" style="font-size: 24px" required>
        <span class="error"><?= $uname_error ?></span>
        <input type="password" name="password" value="password" placeholder="Password" style="font-size: 24px" required>
        <span class="error"><?= $pass_error ?></span>
        <button type="submit" name="Log In" value="Log In">Log In</button> <!--Go to front.php if both username and password are correct.-->
</form>

form操作是front.php,应该是login_check.php,并且也没有使用<?php require 'login_check.php'; ?>,因此您可以删除它。 您编写了非常基本的登录代码,我认为至少也应该对密码进行加密,以改善登录查询。

$error = '';
$result = mysqli_query($conn,"SELECT id, admin_password FROM admins WHERE admin_username = '$uname'");
list($id,$password) = mysqli_fetch_row($result);
if(mysqli_num_rows($result)==1){
    if($password == $pass){
        session_start();
        $_SESSION['userid'] = $id;
        $_SESSION['username'] = $uname;
        header("location:front.php");
    }else{
        $error = "Invalid Password.";
    }
}else{
    $error = "username does not exist";
}

答案 2 :(得分:0)

如果您想使用数据库检查用户名和密码,则从未做过。您的sql查询从未执行过。尽管存储纯文本密码是错误的;但是在使用该密码的情况下,您的login_check.php必须是这样的:

//Establish connection
include 'connection.php';

$uname_error = $pass_error ="";

$uname = mysqli_real_escape_string($conn,$_POST['username'] );
$pass = mysqli_real_escape_string($conn,$_POST['password'] );
$sql = "SELECT * FROM admins WHERE admin_username = '$uname' AND admin_password = '$pass'";

$result = $conn->query($sql);
if ($result->num_rows > 0) {
    header("location:front.php");
} else {
    die('the combination is wrong');
}

答案 3 :(得分:0)

  

首先,您应将密码存储为哈希,而不是纯文本。

     

我还建议使用PDO和准备好的语句,但这取决于您。

// File: login_check.php

//Establish connection
// include 'connection.php'; 
// PDO Connection String
$pdo = new PDO('mysql:host=localhost;dbname=test', 'username', 'password');

$uname_error = $pass_error ="";    

if(isset($_POST['Log In']))
{
    // Prepares the SQL Statment
    $query = $pdo->prepare('SELECT admin_username, admin_password FROM admins WHERE admin_username = :username');
    // Fils the named parameter with the username and executes the query
    $stmt = $query->execute(['username' => $_POST['username']]);
    // Fetches the result
    $result = $stmt->fetch();

    // Check if the DB has a entry with this username and check if the password matches with the Password Hash
    if($result !== false && password_verify($_POST['password'], $result['admin_password']))
    {
        header("location:front.php"); //If username & password are correct -> log in to front.php.
    else
    {
        $pass_error = "Invalid Username or Password.";
    }
}

在PHP中创建哈希密码

<?php
// Create Password with php default Hashing Algo (bcrypt)
$password = password_hash('password', PASSWORD_DEFAULT);

?>
相关问题
最新问题