嗨,我已经很长时间没有登录认证了,这只是我第三天做PHP。真可惜,有人可以帮我吗?我已经尝试了许多方法,但它们都没有起作用,我决定到目前为止还不对我的密码进行哈希处理。
此代码都在xampp服务器上运行,这是我的两个代码,最上面的是旧代码,而下面的是新代码。
<?php
$servername = "127.0.0.1";
$username = "root";
$password = "";
/** Define variable to perform connection to the server*/
$handler = mysqli_connect($servername, $username, $password);
$errors = array();
/** To perform authentication of login with the database*/
if(empty($_POST['username'])){
die("Username field was empty.");
} elseif (empty($_POST['password'])) {
die("Password field was empty.");
}
elseif(isset($_POST['username']) && isset($_POST['password'])){
$user=$_POST['username'];
$pass=$_POST['password'];
$handler or die(mysqli_error());
mysqli_select_db($handler,'users') or die("Cannot select DB");
$query=mysqli_query($handler,"SELECT Username,Email,Password FROM
users.person WHERE username='".$user."' OR email='".$user."'") or
die(mysqli_error());
if (!$query) {
die('Query failed');
}
$query2 = mysqli_num_rows($query);
if ($query2 ==0){
die('That User does not exist.<br /> If you think this is
wrong<a href="login.html">try again</a>.');
}
while($check = mysqli_fetch_array($query,)){
$_POST['password'] = stripslashes($_POST['password']);
$info['pass'] = stripslashes($info['pass']);
if ($_POST['password'] != $info['pass']){
die("Incorrect password, please <a href='login.html'>try
again</a>.");
}else{
session_start();
$_SESSION['user_name'] = "username";
$_SESSION["user_login_status"] = 1;
header('Location:horror.html');
}
}
}
exit;
?>
//*The top code is the code that i tried using/
//*The bottom code is the code im working with now/
<?php
session_start();
$servername = "127.0.0.1";
$username = "root";
$password = "";
/** Define variable to perform connection to the server*/
$handler = mysqli_connect($servername, $username, $password);
// class UserClass{
// /* __constructor()
// * Constructor will be called every time Login class is called
($login = new Login())
// */
// public function __construct(){
// /* Check if user is logged in. */
// $this->isLoggedIn();
// /* If login data is posted call validation function. */
// if (isset($_POST["submit"])) {
// $this->Login();
// }
// } /* End __constructor() */
/* Function Login()
* Function that validates user login data, cross-checks with database.
* If data is valid user is logged in, session variables are set.
*/
// Require credentials for DB connection.
// Check that data has been submited.
if(isset($_POST['username'])){
// User input from Login Form(loginForm.php).
$user = trim($_POST['username']);
$userpsw = trim($_POST['password']);
// Check that both username and password fields are filled with
values.
if(!empty($user) && !empty($userpsw)){
mysqli_select_db($handler,'users') or die("Cannot select
DB");
/* Query the username from DB, if response is greater than 0
it means that users exists &
* we continue to compare the password hash provided by the
user side with the DB data. */
$stmt = $handler->prepare("SELECT username, password FROM
users.person WHERE username = ?");
$stmt->bind_param("s", $user);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
if ($result->num_rows === 1) {
if ($userpsw = $user) {
// Username is set as Session user_id for this user.
$_SESSION['user_id'] = $user;
header("location: Booking.html");
} else {
$_SESSION['message'] = 'Invalid username or
password.';
header("location: login.html");
}
} else {
$_SESSION['message'] = 'Invalid username or password.';
header("location: login.html");
}
} else {
$_SESSION['message'] = 'Please fill all required fields.';
header("location: login.html");
}
}
exit;
?>