登录表单验证始终显示错误的用户详细信息

时间:2016-02-04 17:04:06

标签: php mysqli

此PHP代码用于登录表单验证。为什么它总是返回'错误的用户数据'(Грешниданни!)。 $ name& $ pass1来自其他文件中的登录表单。 $ activated的值为0 || 1,用户是否通过电子邮件确认用户注册。

<?php

    //connection with database
    require "db_connect.php";
    require "password_compat-master/lib/password.php";

    $name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name'))));
    $pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1'))));

    $errorName = '';
    $errorPass1 = '';
    $feedback = '';

    $mainError = false;

    //get hash
    $retHash = "SELECT password FROM users WHERE user_name='$name'";
    $query_retHash = mysqli_query($conn, $retHash);

    $row = mysqli_fetch_array($query_retHash);
    $hash = $row['password'];

    //get name
    $retName = "SELECT user_name FROM users WHERE user_name='$name'";
    $query_retName = mysqli_query($conn, $retName);

    $row = mysqli_fetch_array($query_retName);
    $uname = $row['user_name'];

    //get 'activated'
    $retAct = "SELECT user_name FROM users WHERE user_name='$name'";
    $query_retAct = mysqli_query($conn, $retAct);

    $row = mysqli_fetch_array($query_retAct);
    $activated = $row['activated'];



    if (filter_input_array(INPUT_POST)) {

        if ($name !== $uname) {
            $mainError = true;
        }

        if (!password_verify($pass1, $hash)) {
            $mainError = true;
        }

        if ($activated != 1) {
            $mainError = true;
        }

        if (!$mainError) {
            $feedback = 'Здравей,' . $name . '!';
        } else {
            $feedback = 'Грешни данни!'; 
        }
    }   

?>

2 个答案:

答案 0 :(得分:2)

作为@Rajdeep回答,

$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
                      ^ it should be activated

更好地使用一个查询。获取所有详细信息。

<?php

//connection with database
require "db_connect.php";
require "password_compat-master/lib/password.php";

$name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name'))));
$pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1'))));

$errorName = '';
$errorPass1 = '';
$feedback = '';

$mainError = false;

//get hash
$retHash = "SELECT * FROM users WHERE user_name='$name'";
$query_retHash = mysqli_query($conn, $retHash);

$row = mysqli_fetch_array($query_retHash);
$hash = $row['password'];
$uname = $row['user_name'];
$activated = $row['activated'];

if (filter_input_array(INPUT_POST)) {

    if ($name !== $uname) {
        $mainError = true;
    }

    if (!password_verify($pass1, $hash)) {
        $mainError = true;
    }

    if ($activated != 1) {
        $mainError = true;
    }

    if (!$mainError) {
        $feedback = 'Здравей,' . $name . '!';
    } else {
        $feedback = 'Грешни данни!'; 
    }
}   

?>

答案 1 :(得分:1)

请看这里的陈述,

//get 'activated'
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
                      ^ it should be activated

并且没有必要运行三个单独的查询。您只需使用一个查询即可实现相同的功能:

// your code

$query = "SELECT user_name, password, activated FROM users WHERE user_name='$name' LIMIT 1";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_array($result);
$uname = $row['user_name'];
$hash = $row['password'];
$activated = $row['activated'];

if (filter_input_array(INPUT_POST)) {

    // your code

}
相关问题
最新问题