1
我目前正在做一個項目,在我的項目中有一個登錄模式。我迄今爲止使用ajax所做的事情是:1)檢查兩個字段的用戶名和密碼是否有值; 2)用戶名字段只有一個值(密碼字段爲空); 3)檢查帳戶是否驗證檢查用戶名和密碼是否匹配使用ajax codeigniter
注意:我只是嘗試如果($ data ['validateLogin']> 0)如果它有一個值,是的,它正在工作,但是當我輸入正確的用戶名和密碼仍然給我一個錯誤「錯誤的用戶名或密碼」
問題:如何檢查用戶名和密碼是否正確?我的病情是錯的嗎?如果($ data ['validateLogin']> 0)?
登錄模式的看法
<!-- Login -->
<div id="myLogin" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Login</h4>
</div>
<div class="modal-body">
<form id="login" encrypt="multipart/form-data">
<div class="form-group">
<label> Username: </label>
<input type="text" class="form-control" name="username" id="username">
</div>
<div class="form-group">
<label> Password: </label>
<input type="password" class="form-control" name="password" id="password">
</div>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-primary"> Login </button>
</form>
<a data-toggle="modal" href="#mySignup" data-dismiss="modal">Sign up</a>
</div>
</div>
</div>
</div>
AJAX我的登錄模式
$("#login").on('submit',function(event){
$.ajax({
url: "http://localhost/itsq/User/validate_user",
type: "POST",
data: $(this).serialize(),
success: function(data) {
var result = JSON.parse(data);
//alert(data);
if(result===1)
{
swal({
type: 'success',
html: 'Update Successful!',
timer: 2000,
})
setTimeout(function() {
document.location.href=base_url + "User/";
}, 2000);
// document.location.href="http://localhost/ecom/Administrator/view_staff_Account";
}
else
{
swal({
type: 'error',
html: result,
timer: 2000,
})
console.clear();
}
// $.LoadingOverlay("hide");
},
error: function (xhr, ajaxOptions, thrownError) {
console.log(xhr.status);
console.log(xhr.responseText);
console.log(thrownError);
}
})
event.preventDefault();
});
控制器
public function validate_user()
{
$this->form_validation->set_error_delimiters('<div class="alert alert-danger" role="alert" style="padding:2px">', '</div>');
$this->form_validation->set_rules('username', 'Username', 'required|trim');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
if ($this->form_validation->run() == FALSE)
{ //if validation is false go to itemList
echo json_encode(validation_errors());
}
else
{
$username = $_POST['username'];
$password = $_POST['password'];
$data['validateLogin'] = $this->CrudModel->validate_user($username,md5($password));
if($data['validateLogin'] > 0) // If there's no match then do this
{
echo json_encode("Incorrect username or password");
}
else // Get all the information for that account
{
foreach($data['validateLogin'] as $vl) // Save it to one variable
{
$user_id = $vl->id;
$status = $vl->status;
}
if($status != "Verified") // Is not verified
{
echo json_encode("Your account is not verified");
}
else
{
$this->session->set_userdata(array('user' => true, 'first_name' => $first_name, 'middle_name' => $middle_name, 'last_name' => $last_name,'gender' => $gender,'age' => $age, 'email' => $email,'username' => $username,'address' => $address, 'credit_card' => $credit_card, 'bank_name' => $bank_name));
redirect('administrator/index',$data);
echo json_encode(1);
}
}
// $this->CrudModel->insert('users', $customer);
// echo json_encode(1);
}
}
型號
// public function validate_user($table,$username_column,$email_column,$password_column,$username, $password)
public function validate_user($table,$username, $password)
{
$this->db->select('username,email,password');
$this->db->where("(email = $username OR username = $username) AND password = $password");
// $query = $this->db->get($table);
$query = $this->db->get();
echo $this->db->last_query();
return $query->result();
// $query = $this->db->get_where($table,array($username_column => $username,$password_column => $password));
// return $query->result();
}
確保您沒有在數據庫中使用加密密碼! – Shihas
不要使用密碼不安全的MD5使用PHP http://php.net/manual/en/function.password-hash.php並驗證回調http://php.net/manual/en/ function.password-verify.php – user4419336
您的代碼容易受到[** SQL注入**](https://en.wikipedia.org/wiki/SQL_injection)攻擊。你應該使用[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https://secure.php.net/ manual/en/pdo.prepared-statements.php)準備帶有綁定參數的語句,如[**這篇文章**]所述(https://stackoverflow.com/questions/60174/how-can-i-prevent-sql步噴射功能於PHP)。 –