-1
我試圖找到如何檢查一個名爲主動變等於1。我在嘗試函數低於:MySQL查詢是罰款,不給的值或錯誤
function login($email, $password, $mysqli) {
// Using prepared statements means that SQL injection is not possible.
if ($stmt = $mysqli->prepare("SELECT id, username, password, salt, active
FROM members
WHERE email = ? LIMIT 1")) {
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
// get variables from result.
$stmt->bind_result($user_id, $username, $db_password, $salt, $active);
$stmt->fetch();
// hash the password with the unique salt.
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
// If the user exists we check if the account is locked
// from too many login attempts
if (checkbrute($user_id, $mysqli) == true) {
// Account is locked
// Send an email to user saying their account is locked
return false;
} else {
// Check if the password in the database matches
// the password the user submitted.
if ($db_password == $password) {
// Password is correct!
// Get the user-agent string of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT'];
// XSS protection as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
// XSS protection as we might print this value
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512', $password . $user_browser);
} else {
// Password is not correct
// We record this attempt in the database
$now = time();
if (!$mysqli->query("INSERT INTO login_attempts(user_id, time)
VALUES ('$user_id', '$now')")) {
header("Location: ../error?err=Database error: login_attempts");
exit();
}
return false;
}
}
} else {
// No user exists.
return false;
}
} else {
// Could not create a prepared statement
header("Location: ../error?err=Database error: cannot prepare statement");
exit();
}
}
我假設我在$ mysqli-> prepare語句中添加活動的地方是正確的。 我想要做的是如果用戶得到他們的密碼正確我會查詢MySQL表,看他的帳戶是活躍(1)或不活躍(0)。如果它被設置爲0,則它會登錄並且沒有錯誤。然而,在我的process_login.php文件時,它會記錄用戶如果是(0),但的index.php?ERR = 1
<?php
include_once 'db_connect.php';
include_once 'functions.php';
sec_session_start(); // Our custom secure way of starting a PHP session.
if (isset($_POST['email'], $_POST['p'])) {
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$password = $_POST['p']; // The hashed password.
if (login($email, $password, $mysqli) == true) {
// Login success
header("Location: ../protected_page.php");
exit();
} else {
// Login failed
header('Location: ../index.php?error=1');
echo $active;
exit();
}
} else {
// The correct POST variables were not sent to this page.
header('Location: ../error.php?err=Could not process login');
exit();
}
當我嘗試回聲變量$主動將沒有返回值。 提前感謝任何幫助。
這類似於很多類似這樣的問題http://stackoverflow.com/q/42405324/1415724,你可能得到了相同的代碼http://www.wikihow.com/Create-a-Secure-Login-Script在PHP和MySQL中,並沒有按照它「到T」 - 你會發現你的答案。 –
**答:**完全按照[該教程](http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL)跳過或跳過或修改任何可能會破壞它的代碼。以此爲解決方案來解決這個問題。 –
'header('Location:../index.php?error=1'); echo $ active;'這不會發生順便說一句,不是你在教程中添加的回聲。 –