使用用戶名和密碼字段登錄的腳本

Question

對不起，但我再次以一個很長的帖子返回給那些可以花一點時間幫助困擾的noob的人。

我一直有一些困難，以前在這裏問過關於如何從數據庫中繪製任何用戶的名字和姓氏的指導，當在登錄時只給出用戶名和密碼時。

當我的代碼被編輯後，現在似乎任何人都可以用他們想要的任何方式登錄。

的login.php腳本如下：

<?php 
session_start(); 

require_once 'classes/membership.php'; 
$membership = new Membership(); 

// If the user clicks the "Log Out" link on the index page. 
if(isset($_GET['status']) && $_GET['status'] == 'loggedout') { 
    $membership->log_User_Out(); 
} 

// Did the user enter a password/username and click submit? 
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) { 
    $response = $membership->validate_User($_POST['username'], $_POST['pwd']); 
} 
?> 

這分排名第一Membership.php：

<?php 

require 'mysql.php'; 

class Membership { 

function validate_user($un, $pwd) { 
    $mysql = New Mysql(); 
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); 

    list($ensureCredentials, $data) = $mysql->verify_Username_and_Pass($un, md5($pwd)); 
if($ensure_credentials) { 
    $_SESSION['status'] = 'authorized'; 
    $_SESSION['fname'] = $data['fname']; 
    $_SESSION['lname'] = $data['lname']; 
    header("location: medlem.php"); 
} else return "Please enter correct username and password"; 

} 

function log_User_Out() { 
    if(isset($_SESSION['status'])) { 
     unset($_SESSION['status']); 

     if(isset($_COOKIE[session_name()])) 
      setcookie(session_name(), '', time() - 1000); 
      session_destroy(); 
    } 
} 
function confirm_Member() { 
    session_start(); 
    if($_SESSION['status'] !='authorized') header("location: login.php"); 
} 
} 

，然後再點着mysql.php：

<?php 

require_once 'includes/constants.php'; 

class Mysql { 
private $conn; 

function __construct() { 
    $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
        die('There was a problem connecting to the database.'); 
} 

function verify_Username_and_Pass($un, $pwd) { 

$query = "SELECT * 
     FROM users 
     WHERE username = ? AND password = ? 
     LIMIT 1"; 

if($stmt = $this->conn->prepare($query)) { 
    $stmt->bind_param('ss', $un, $pwd); 
    $stmt->execute(); 
    // UPDATE : I added correct usage of the stmt here.  
    $result = $stmt->get_result(); 
    if($row = $result->fetch_array()) { 
     $stmt->free_result(); 
     $stmt->close();     
     // returning an array the first item is the validation the second is the data. 
     return array(true, $row); 
    } 
} 
// if there is no just return empty data, and false for validation. 
return array(false, array()); 
} 
} 

爲了可重用性，我爲這個項目使用了常量：

<?php 

// Define constants here 

define('DB_SERVER', 'localhost'); 
define('DB_USER', 'myusername'); 
define('DB_PASSWORD', 'mypassword'); 
define('DB_NAME', 'sameige_membership'); 

使用此當前腳本集，它將使用我在用戶名和密碼字段中設置的任何內容進行登錄。網頁也應該發佈第一個和最後一個名字，告訴用戶他是否登錄了$ _SESSION（'fname/lname'）。

登錄的工作原理是當我恢復到原來的狀態時。在添加查詢部件以從數據庫中繪製名字和姓氏之前。

原來這裏是一個：

<?php 

require_once 'includes/constants.php'; 

class Mysql { 
private $conn; 

function __construct() { 
    $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
        die('There was a problem connecting to the database.'); 
} 

function verify_Username_and_Pass($un, $pwd) { 

    $query = "SELECT * 
      FROM users 
      WHERE username = ? AND password = ? 
      LIMIT 1"; 

    if($stmt = $this->conn->prepare($query)) { 
     $stmt->bind_param('ss', $un, $pwd); 
     $stmt->execute(); 

     if($stmt->fetch()) { 
      $stmt->close(); 
      return true; 
     } 
    } 
    } 
} 

據我瞭解這scirpt應該比較$ _ POST [「用戶名」]/[「密碼」]，在數據庫中選擇的用戶名和密碼字段。如果他們是正確的，它應該回來登錄並重定向到medlem.php頁面。否則它應該返回以輸入正確的用戶名和密碼。

然而，這然後登錄和重定向。

對於我正在做的事情的任何回答都會大受歡迎，因爲我在這個問題上總是很高興。

問候，約什

Answer 1

您有關檢查用戶輸入的所有代碼首先是錯的...你應該檢查if isset($_POST['username'] && isset($_POST['password'])，而不是if($_POST)像你一樣。

第二你說：$response = $membership->validate_User($_POST['username'], $_POST['pwd']);和類是：validate_user ....這是區分大小寫的（使用Dreamweaver如果可以的話，它會警告你喜歡這些錯誤）

3解決這些問題，並再次檢查。

Answer 2

<?php 
session_start(); 

require_once 'classes/membership.php'; 
$membership = new Membership(); 

// If the user clicks the "Log Out" link on the index page. 
if(isset($_GET['status']) && $_GET['status'] == 'loggedout') { 
    $membership->log_User_Out(); 
} 

// Did the user enter a password/username and click submit? 

使用isset（$ _ POST ['submit']）來代替$ _POST和註釋方法是區分大小寫的。所以這將是validate_user不驗證_用戶

if(isset($_POST['submit']) && !empty($_POST['username']) && !empty($_POST['pwd'])) { 
    $response = $membership->validate_user($_POST['username'], $_POST['pwd']); 
} 
?> 

現在在你的MySQL。PHP，我會做這樣的：

<?php 

require_once 'includes/constants.php'; 

class Mysql { 
private $conn; 

function __construct() { 
    $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
        die('There was a problem connecting to the database.'); 
} 

function verify_Username_and_Pass($un, $pwd) { 

$query = "SELECT * 
     FROM users 
     WHERE username = ? AND password = ? 
     LIMIT 1"; 

if($stmt = $this->conn->prepare($query)) { 
$stmt->bind_param('ss', $un, $pwd); 
$stmt->execute(); 
// UPDATE : I added correct usage of the stmt here.  
$result = $stmt->get_result(); 
if($row = $result->fetch_assoc()) { 
    $stmt->free_result(); 
    $stmt->close();      
     // returning an array the first item is the validation the second is the data. 

    $result['data']=$row; 
    $result['validation']=true; 

     return $result; 

    } 
} 
// if there is no just return empty data, and false for validation. 
$result['data']=array(); 
$result['validation']=false; 
return $result; 
} 
} 

現在我將有如下變化Membership.php

function validate_user($un, $pwd) { 
    $mysql = New Mysql(); 
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); 
    $data=$ensure_credentials['data']; 
    $validation=$ensure_credentials['validation']; 

if($validation) { 
    $_SESSION['status'] = 'authorized'; 
    $_SESSION['fname'] = $data['fname']; 
    $_SESSION['lname'] = $data['lname']; 
    header("location: medlem.php"); 
} else return "Please enter correct username and password"; 

希望這對你的作品...... :)