我无法获得登录表单以正确连接与mySQL数据库的交互[关闭]
景远航
问题内容:
问题答案:
关闭。 这个问题不能重现或由错别字引起。它当前不接受答案。
想改善这个问题吗? 更新问题,使其成为Stack Overflow
的主题。
4年前关闭。
我想让用户使用用户名和密码登录,并且该数据是否与数据库中的用户名匹配。当我尝试时,我没有收到任何错误,但是没有用。我在Dreamweaver中使用html和php,在phpMyAdmin中使用WAM。我将同时包括表单文档和随附的php文档:
loginpage.php
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: index.php");
}
?>
<table width="15px" border="0">
<form form action='login.php' method='POST'>
<tr>
<td>Username</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="submit"/></td>
</tr>
</form>
login.php
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$hostname= "localhost";
$database = "boost";
$username = "root";
$password = "";
$localhost = mysqli_connect($hostname, $username, $password, $database);
if(mysqli_connect_errno())
{
die("Connection Failed".mysqli_error());
}
// SQL query to fetch information of registerd users and finds user match.
$sql = "SELECT * FROM `users`";
$query = mysqli_query($localhost,$sql);
if(!$query)
{
die("Query Failed".mysqli_error($localhost));
}
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
echo "You are now logged on!";
} else {
$error = "Username or Password is invalid";
}
mysqli_close($localhost); // Closing Connection
}
}
?>
</body>
</html>
问题答案:
此答案适用于hashing,password_hash()和password_verify()。对于mysqli和pdo。底部的链接具有其他链接以及有关盐等的某些语言。
至关重要的是不要将用户提供的数据直接用于选择和插入。而是绑定参数并调用准备好的语句,以避免sql注入攻击。永远不要将密码以明文形式保存在数据库中。而是应通过单向哈希发送它们。
另请注意。这显示了注册哈希和登录验证。它 不是完整的 功能,我想花10美元在codecanyon上用…
…这样它表明电子邮件地址(登录名)的重新注册已经存在,确实更新了,请注意。在这种情况下,由于数据库中设置了唯一键,因此插入将完全失败。我将其留给读者(读者)进行查找,然后说“电子邮件已注册”。
架构图
CREATE TABLE `user_accounts2` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`email` varchar(100) NOT NULL,
`password` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
unique key(email) -- that better be the case
) ENGINE=InnoDB;
通过register.php运行并保存用户后,数据可能如下所示:
select * from user_accounts2;
+----+-----------+--------------------------------------------------------------+
| id | email | password |
+----+-----------+--------------------------------------------------------------+
| 1 | d@d.com | $2y$10$U6.WR.tiOIYNGDWddfT7kevJU8uiz8KAkdxXpda9e1xuplhC/eTJS |
+----+-----------+--------------------------------------------------------------+
mysqli部分第一
register.php
<?php
mysqli_report(MYSQLI_REPORT_ALL);
error_reporting(E_ALL); // report all PHP errors
ini_set("display_errors", 1); // display them
session_start();
if(isset($_SESSION['userid'])!="") {
// you are already logged in as session has been set
header("Location: safe.php"); // note that this re-direct will at the top of that page
// ... and there to verify the session state so no tricks can be performed
// no tricks and gimmicks
}
if(isset($_POST['register'])) {
$email = $_POST['email'];
$ctPassword = $_POST['password']; // cleartext password from user
$hp=password_hash($ctPassword,PASSWORD_DEFAULT); // hashed password using cleartext one
// pretend the following is locked in a vault and loaded but hard coded here
$host="yourhostname";
$dbname="dbname";
$user="dbuser";
$pwd="password";
$port=3306; // comes along for the ride so I don't need to look up param order below
// end pretend
try {
$mysqli= new mysqli($host, $user, $pwd, $dbname,$port);
if ($mysqli->connect_error) {
die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error);
}
//echo "I am connected and feel happy.<br/>";
$query = "INSERT INTO user_accounts2(email,password) VALUES (?,?)";
$stmt = $mysqli->prepare($query);
// note the 2 s's below, s is for string
$stmt->bind_param("ss", $email,$hp); // never ever use non-sanitized user supplied data. Bind it
$stmt->execute();
// password is saved as hashed, will be verified on login page with password_verify()
$iLastInsertId=$mysqli->insert_id; // do something special with this (or not)
// redirect to some login page (for now you just sit here)
$stmt->close();
$mysqli->close();
} catch (mysqli_sql_exception $e) {
throw $e;
}
}
?>
<html>
<head>
<title>Register new user</title>
</head>
<body>
<div id="reg-form">
<form method="post">
<table>
<tr>
<td><input type="email" name="email" placeholder="Email" required /></td>
</tr>
<tr>
<td><input type="password" name="password" placeholder="Password" required /></td>
</tr>
<tr>
<td><button type="submit" name="register">Register</button></td>
</tr>
<tr>
<td><a href="index.php">Normal Login In Here</a></td>
</tr>
</table>
</form>
</div>
</body>
</html>
login.php
<?php
mysqli_report(MYSQLI_REPORT_ALL);
error_reporting(E_ALL); // report all PHP errors
ini_set("display_errors", 1); // display them
session_start();
if(isset($_SESSION['userid'])!="") {
// you are already logged in as session has been set
header("Location: safe.php"); // note that this re-direct will at the top of that page
// ... and there to verify the session state so no tricks can be performed
// no tricks and gimmicks
}
if(isset($_POST['login'])) {
$email = $_POST['email'];
$ctPassword = $_POST['password']; // cleartext password from user
// pretend the following is locked in a vault and loaded but hard coded here
$host="yourhostname";
$dbname="dbname";
$user="dbuser";
$pwd="password";
$port=3306; // comes along for the ride so I don't need to look up param order below
// end pretend
try {
$mysqli= new mysqli($host, $user, $pwd, $dbname,$port);
if ($mysqli->connect_error) {
die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error);
}
//echo "I am connected and feel happy.<br/>";
$query = "select id,email,password from user_accounts2 where email=?";
$stmt = $mysqli->prepare($query);
// note the "s" below, s is for string
$stmt->bind_param("s", $email); // never ever use non-sanitized user supplied data. Bind it
$stmt->execute();
$result = $stmt->get_result();
if ($row = $result->fetch_array(MYSQLI_ASSOC)) {
$dbHashedPassword=$row['password'];
if (password_verify($ctPassword,$dbHashedPassword)) {
echo "right, userid=";
$_SESSION['userid']=$row['id'];
echo $_SESSION['userid'];
// redirect to safe.php (note safeguards verbiage at top of this file about it)
}
else {
echo "wrong";
// could be overkill here, but in logout.php
// clear the $_SESSION['userid']
}
}
else {
echo 'no such record';
}
// remember, there is no iterating through rows, since there is 1 or 0 (email has a unique key)
// also, hashes are one-way functions in the db. Once you hash and do the insert
// there is pretty much no coming back to cleartext from the db with it. you just VERIFY it
$stmt->close();
$mysqli->close();
} catch (mysqli_sql_exception $e) {
throw $e;
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<div id="reg-form">
<form method="post">
<table>
<tr>
<td><input type="email" name="email" placeholder="Email" required /></td>
</tr>
<tr>
<td><input type="password" name="password" placeholder="Password" required /></td>
</tr>
<tr>
<td><button type="submit" name="login">Login</button></td>
</tr>
</table>
</form>
</div>
</body>
</html>
下面的pdo部分
当我有时间时,大概是明天,但是现在我将您引向我的答案。
类似资料:
-
本文向大家介绍php无法连接mysql数据库的正确解决方法,包括了php无法连接mysql数据库的正确解决方法的使用技巧和注意事项,需要的朋友参考一下 即使连接Mysql的语句正确,php也无法连接mysql数据库,出现如下图所示的结果: 首先是在Apache服务器的conf/httpd.conf下的任意位置都没有:PHPIniDir "php压缩目录"这一项。 如"C:/php-5.4.43-W
-
我无法连接到MySQL数据库。它发生在更新MySQL和JDK之后。我添加了,但没有结果。这是我从eclipse中得到的一个例外: 不建议在没有服务器身份验证的情况下建立SSL连接。根据MySQL 5.5.45、5.6.26和5.7.6的要求,如果未设置explicit选项,默认情况下必须建立SSL连接。为了符合不使用SSL的现有应用程序,verifyServerCertificate属性设置为“f
-
从(在文件中)开始,一直到模式,我几乎尝试了任何名称空间,但我看到的只是如下所示: 这年头有办法做到这一点吗?
-
我正在尝试创建一个登录表单,但收到一个注意错误:在C:\users\ahmar\desktop\USB web server\root\assignment 2\login.php中的第65行未定义索引:Remote_ADDR 致命错误:在C:\users\ahmar\desktoes\USB web server\root\assignment2\login.php中调用未定义的函数data()
-
问题 你想在关系型数据库中查询、增加或删除记录。 解决方案 Python中表示多行数据的标准方式是一个由元组构成的序列。例如: stocks = [ ('GOOG', 100, 490.1), ('AAPL', 50, 545.75), ('FB', 150, 7.45), ('HPQ', 75, 33.2), ] 依据PEP249,通过这种形式提供数据, 可以很容
-
我设法将我的应用程序与HSQLDB连接起来,并使其运行良好。然而,我在将它连接到MySQL时遇到了一些麻烦。 下面是我的堆栈跟踪: 应用程序运行失败 null 我的pom.xml文件: null 这里是我的application.properties文件: 如果我没有错的话,我将MySQL用户配置为与我在ubuntu中的系统用户相同,这样我就可以用“mysql-u thalysmg”启动MySQL