1. 首頁
  2. 問答
  3. 使用PHP和MYSQL創建登錄腳本

使用PHP和MYSQL創建登錄腳本

2014-11-09 57 views
2

我試圖在託管的網頁上創建一個簡單的登錄系統。我有一個使用phpMyAdmin創建的MySQL數據庫和表。數據庫,HTML和PHP文件託管在同一臺服務器上。我可以添加用戶,帳戶信息出現在表格中。問題在於登錄。我總是收到「登錄失敗錯誤」。我用過的教程是located here。我已經檢查並重新檢查了錯誤密碼,我不認爲這是問題。我相信這個問題與fetchColumn()命令有關。從我研究的內容來看,這個命令抓取下一行,這對我來說沒有意義,因爲用戶名,密碼和用戶ID都位於同一行,只是不同的列。使用PHP和MYSQL創建登錄腳本

這是用戶提交信息,然後調用登錄腳本的形式。下面的代碼有兩種形式;第一種形式是什麼在這個問題上很重要。

<?php 

/*** begin our session ***/ 
session_start(); 

/*** set a form token ***/ 
$form_token = md5(uniqid('auth', true)); 

/*** set the session form token ***/ 
$_SESSION['form_token'] = $form_token; 
?> 

<html> 
<head> 
<title>Log In Page</title> 
<link rel="stylesheet" type="text/css" href="formstyle.css"> 
</head> 

<header> 
Log In Page 
</header> 

<body> 
<h2>Log In</h2> 
<form action="login_submit.php" method="post"> 
<fieldset id="forms" > 
<p> 
<label for="username">Username</label> 
<input type="text" id="username" name="username" value="" maxlength="20"/> 
</p> 
<p> 
<label for="password">Password</label> 
<input type="text" id="password" name="password" value="" maxlength="20"/> 
</p> 
<p> 
<input type="submit" value="Login"/> 
</p> 
</fieldset> 
</form> 

<h2>Create Account</h2> 
<form action="adduser_submit.php" method="post"> 
<fieldset id="forms" > 
<p> 
<label for="username">Username</label> 
<input type="text" id="username" name="username" value="" maxlength="20"/> 
</p> 
<p> 
<label for="password">Password</label> 
<input type="text" id="password" name="password" value="" maxlength="20"/> 
</p> 
<p> 
<input type="hidden" name="form_token" value="<?php echo $form_token; ?>" /> 
<input type="submit" value="Sign Up"/> 
</p> 
</fieldset> 
</form> 
</body> 
</html>

這是login_submit腳本。

 <?php 

    /*** begin our session ***/ 
    session_start(); 

    /*** check if the user is already logged in ***/ 
    if(isset($_SESSION['userID'])) 
    { 
     $message = 'User is already logged in'; 
    } 
    /*** check that both the username and password have been submitted ***/ 
    if(!isset($_POST['username'], $_POST['password'])) 
    { 
     $message = 'Please enter a valid username and password'; 
    } 
    /*** check the username is the correct length ***/ 
    elseif (strlen($_POST['username']) > 20 || strlen($_POST['username']) < 4) 
    { 
     $message = 'Incorrect Length for Username'; 
    } `enter code here` 
    /*** check the password is the correct length ***/ 
    elseif (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 4) 
    { 
     $message = 'Incorrect Length for Password'; 
    } 
    /*** check the username has only alpha numeric characters ***/ 
    elseif (ctype_alnum($_POST['username']) != true) 
    { 
     /*** if there is no match ***/ 
     $message = "Username must be alpha numeric"; 
    } 
    else 
    { 
     /*** if we are here the data is valid and we can insert it into database ***/ 
     $username = filter_var($_POST['username'], FILTER_SANITIZE_STRING); 
     $password = filter_var($_POST['password'], FILTER_SANITIZE_STRING); 

     /*** now we can encrypt the password ***/ 
     $password = sha1($password); 

     /*** connect to database ***/ 
     /*** mysql hostname ***/ 
     $mysql_hostname = 'localhost'; 

     /*** mysql username ***/ 
     $mysql_username = 'neticl5'; 

     /*** mysql password ***/ 
     $mysql_password = 'corrupted707'; 

     /*** database name ***/ 
     $mysql_dbname = 'neticl5_apptest'; 

     try 
     { 
      $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password); 
      /*** $message = a message saying we have connected ***/ 

      /*** set the error mode to excptions ***/ 
      $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 

      /*** prepare the select statement ***/ 
      $stmt = $dbh->prepare('SELECT userID, username, password FROM useraccounts 
         WHERE username = :username AND password = :password'); 

      /*** bind the parameters ***/ 
      $stmt->bindParam(':username', $username, PDO::PARAM_STR); 
      $stmt->bindParam(':password', $password, PDO::PARAM_STR, 40); 

      /*** execute the prepared statement ***/ 
      $stmt->execute(); 

      /*** check for a result ***/ 
      $userID = $stmt->fetchColumn(); 

     /*** if we have no result then fail boat ***/ 
      if($userID == false) 
      { 
        $message = 'Login Failed'; 
      } 
     /*** if we do have a result, all is well ***/ 
      else 
      { 
        /*** set the session user_id variable ***/ 
        $_SESSION['userID'] = $userID; 

        /*** tell the user we are logged in ***/ 
        $message = 'You are now logged in'; 
      } 
     } 
     catch(Exception $e) 
     { 
      /*** if we are here, something has gone wrong with the database ***/ 
      $message = 'We are unable to process your request. Please try again later'; 
     } 
    } 
    ?> 

<html> 
<head> 
<title>Log In</title> 
</head> 
<body> 
<p><?php echo $message; ?></p> 
</body> 
</html>

來源

2014-11-09 Cherokee Lakes

+0

我想閱讀該教程嗎?呵呵 – 2014-11-09 03:34:34

+0

PHP開啓標籤('<?php')之前的空白是有問題的。在調用'session_open()'](http://php.net/session_start#refsect1-function.session-start-notes)之前,你不能發送任何*輸出。 – 2014-11-09 05:00:57

回答

0

我已經回答了我自己的問題。數據庫中的密碼字段未設置爲正確的長度。用戶的字段要求它最大爲20.數據庫中的字段需要設置爲正確的加密限制。

來源

2014-11-09 04:28:28

相關問題

 相關問題