我对我的登录脚本有疑问。
我使用php创建了一个登录脚本,如下所示:
<?php
include 'headermet.php';
include 'database.php';
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: /");
}
if(!empty($_POST['username']) && !empty($_POST['password'])):
$records = $conn->prepare('SELECT id,username,password FROM users WHERE username = :username');
$records->bindParam(':username', $_POST['username']);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
$message = '';
if(count($results) > 0 && password_verify($_POST['password'], $results['password']) ){
$_SESSION['user_id'] = $results['id'];
header("Location: /");
} else {
$message = 'ERROR while trying to login';
}
endif;
?>
<body>
<h1 style = "margin-top:100px;">LOGIN</h1>
<?php if(!empty($message)): ?>
<p><?= $message ?></p>
<?php endif; ?>
<form action="login.php"= method="POST">
<input type="text" placeholder="Gebruikersnaam" name="username">
<input type="password" placeholder="Wachtwoord" name="password">
<input type="submit">
</form>
</body>
<?php include 'footer.php';?>
在代码中,如果凭据不正确,我会添加错误消息。消息是$message = 'ERROR while trying to login';
使用sequelpro我添加了一个测试用户,其用户名为:test,密码为:test
Does .Value = .Value act similar to Evaluate() function in VBA?
答案 0 :(得分:1)
password_verify
对我来说是新的。另一种方法是,如果数据库中存在匹配项,则可以假定在返回行时登录成功。因此:
首先将密码传递到SELECT
以检查
$records = $conn->prepare('SELECT id,username,password FROM users WHERE username = :username AND password = :password');
请记住也要绑定密码
$records->bindParam(':password ', $_POST['password']); //Rather encrypt password
优良作法是在注册时加密密码,然后再次通过登录加密输入的密码和数据库中的匹配。
然后检查是否返回了一行
$count = $records->rowCount(); // This will return the number of rows
if($count > 0) //This will cause issue if more than one row is returned but illustrates the point.
{
$_SESSION['user_id'] = $results['id'];
header("Location: /");
}
答案 1 :(得分:1)
首先你的登录脚本不安全你需要学习如何使用md5或其他人来保存你的密码..我首先使用它并按照d步骤
<?php
if (isset($_POST['save'])){
session_start();
if(isset($_SESSION['SESS_MEMBER_ID']) && $_SESSION['SESS_MEMBER_ID']!=''){header("Location:home.php");}
$dbh=new PDO('mysql:dbname=dbname;hostdbhost', 'dbusername', 'dbpassword');/*Change The Credentials to connect to database.*/
$username=$_POST['username'];
$password =(md5($_POST['pass'])); /*Encrpt your password with md5.*/
if(isset($_POST) && $username!='' && $password!=''){
$sql=$dbh->prepare("SELECT id,password,username FROM tablename WHERE username=?");
$sql->execute(array($username));
while($r=$sql->fetch()){
$p=$r['password'];
$u=$r['username'];
}
if($p==$password){
$_SESSION['SESS_MEMBER_ID']=$id;
$_SESSION['SESS_USERNAME'] = $u;
header("Location:home");
}else{
header("Location: login.php?error=1");
} }
}
?>
<form method="post" enctype="multipart/form-data">
<div>
<span>Username<label>*</label></span>
<input type="text" name="username" required>
</div>
<div>
<span>Password<label>*</label></span>
<input type="password" name="pass" required>
</div>
<input type="submit" name="save" value="Login">
</form>
&#13;