<?php
include"database.php";
class User{
public $db;
public function __construct()
{
$this->db=new Database();
}
public function UserRegi($data){
$name=$data['name'];
$username=$data['username'];
$email=$data['email'];
$email_chk=$this->chkEmail($email);
$password=md5($data['password']);
if($name=="" || $username=="" || $email=="" || $password==""){
$msg='<div class="alert alert-danger"><strong>Error ! </strong>Any Field Must Not Be Empty !</div>';
return $msg;
}
if(strlen($username)<3){
$msg='<div class="alert alert-danger"><strong>Error ! </strong>Username is too short !</div>';
return $msg;
}elseif(preg_match('/[^a-z0-9_-]+/i',$username)){
$msg='<div class="alert alert-danger"><strong>Error ! </strong>Username Must be contain alpha numerical dashes and underscore !</div>';
return $msg;
}
if(filter_var($email,FILTER_VALIDATE_EMAIL)===false){
$msg='<div class="alert alert-danger"><strong>Error ! </strong>Invalid Email Address !</div>';
return $msg;
}elseif($email_chk==true){
$msg='<div class="alert alert-danger"><strong>Error ! </strong>This Email Address Already Exists !</div>';
return $msg;
}
$sql="insert into tbl_user(name,username,email,password)values(:name,:username,:email,:password)";
$query=$this->db->pdo->prepare($sql);
$query->bindValue(":name",$name);
$query->bindValue(":username",$username);
$query->bindValue(":email",$email);
$query->bindValue(":password",$password);
$result=$query->execute();
if($result){
$msg='<div class="alert alert-success"><strong>Error ! </strong>Congrast User Registation successfull !</div>';
return $msg;
}else{
$msg='<div class="alert alert-danger"><strong>Error ! </strong>User Ragistation Failed !</div>';
return $msg;
}
}
public function chkEmail($email){
$sql="SELECT * FROM tbl_user WHERE email=:email";
$query=$this->db->pdo->prepare($sql);
$query->bindValue(":email",$email);
$query->execute();
if($query->rowCount()>0){
return true;
}else{
return false;
}
}
public function userLogin($data){
$email=$data['email'];
$email_chk=$this->chkEmail($email);
$password=md5($data['password']);
$pass_chk=$this->chkPassword($email,$password);
if(filter_var($email,FILTER_VALIDATE_EMAIL)===false){
$msg='<div class="alert alert-danger"><strong>Error ! </strong>Invalid Email Address !</div>';
return $msg;
}elseif($email_chk==false){
$msg='<div class="alert alert-danger"><strong>Error ! </strong>This Email Address is not Exists !</div>';
return $msg;
}
if($pass_chk==true){
$msg='<div class="alert alert-danger"><strong>Error ! </strong>Sorry Password incorrect !</div>';
return $msg;
}
}
public function chkPassword($email,$password){
$sql="SELECT * FROM tbl_user WHERE email=:email password=:password";
$query=$this->db->pdo->prepare($sql);
$query->bindValue(":email",$email);
$query->bindValue(":password",$password);
$query->execute();
$result=$query->fetchAll(PDO::FETCH_ASSOC);
if($result['password']==$password){
return true;
}else{
return false;
}
}
}
?>
显示此错误:
致命错误:未捕获的PDOException:SQLSTATE [42000]:语法错误或访问冲突:1064您的SQL语法有错误;请参阅附录A。检查与您的MariaDB服务器版本相对应的手册以获取正确的语法,以在C:\ xampp \ htdocs \ lr_new \ lib \ user.php:98中的第1行的'password ='d41d8cd98f00b204e9800998ecf8427e''附近使用:98堆栈跟踪:#0 C :\ xampp \ htdocs \ lr_new \ lib \ user.php(98):PDOStatement-> execute()#1 C:\ xampp \ htdocs \ lr_new \ lib \ user.php(77):User-> chkPassword('' ,'d41d8cd98f00b20 ...')#2 C:\ xampp \ htdocs \ lr_new \ login.php(10):User-> userLogin(Array)#3 {main}放入C:\ xampp \ htdocs \ lr_new \ lib \ user.php,位于第98行
答案 0 :(得分:0)
您的课程太复杂且过时,需要重写几乎一半的课程。 我将向您展示在演示中使用的示例,我使用自己的设置和自己的表构造器。 这是您应该如何调用class的方法:
require_once 'config.php';
require_once '../class/user.php';
$email = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_EMAIL);
$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
if( $user->login( $email, $password) ) {
die;
} else {
$user->Msg();
die;
}
在这里,您的html代码当然在body标签中,您可能使用了ajax,因此需要采取以下形式的操作:
<form method="POST">
<input type="text" id="username" name="username" value="dsdsd">
<input type="password" id="password" name="password" value="sdsd">
<input type="submit" name="LoginBtn" value="signup">
</form>
您的登录功能也很复杂,您的验证部分是:
它应该看起来像这样:
public function login($email,$password){
if(is_null($this->pdo)){
$this->msg = 'Connection did not work out!';
return false;
}else{
$pdo = $this->pdo;
$stmt = $pdo->prepare('SELECT id, fname, lname, email, wrong_logins, password, user_role FROM users WHERE email = ? and confirmed = 1 limit 1');
$stmt->execute([$email]);
$user = $stmt->fetch();
if(password_verify($password,$user['password'])){
$this->user = $user;
session_regenerate_id();
$_SESSION['user']['id'] = $user['id'];
$_SESSION['user']['fname'] = $user['fname'];
$_SESSION['user']['lname'] = $user['lname'];
$_SESSION['user']['email'] = $user['email'];
$_SESSION['user']['user_role'] = $user['user_role'];
return true;
}else{
$this->msg = 'Invalid login information or the account is not activated.';
return false;
}
}
}
您的注册类别应该是最新的:
public function registration($email,$fname,$lname,$pass){
$pdo = $this->pdo;
if($this->checkEmail($email)){
$this->msg = 'This email is already taken.';
return false;
}
if(!(isset($email) && isset($fname) && isset($lname) && isset($pass) && filter_var($email, FILTER_VALIDATE_EMAIL))){
$this->msg = 'Inesrt all valid requered fields.';
return false;
}
$pass = $this->hashPass($pass);
$confCode = $this->hashPass(date('Y-m-d H:i:s').$email);
$stmt = $pdo->prepare('INSERT INTO users (fname, lname, email, password, confirm_code) VALUES (?, ?, ?, ?, ?)');
if($stmt->execute([$fname,$lname,$email,$pass,$confCode])){
if($this->sendConfirmationEmail($email)){
return true;
}else{
$this->msg = 'confirmation email sending has failed.';
return false;
}
}else{
$this->msg = 'Inesrting a new user failed.';
return false;
}
}
这是密码哈希:
private function hashPass($pass){
return password_hash($pass, PASSWORD_DEFAULT);
}