我試圖查找用戶數據,而用戶正試圖用我的mysql數據庫驗證他的帳戶。該功能會在開始密碼查找之前檢查用戶帳戶是否已禁用並已激活。PHP - if/else如果忽略數據庫結果以驗證請求
我的問題:即使我存儲值禁用行內,用戶仍然會進行身份驗證,即使壽if
行應該return 'disabled';
不應讓用戶進行身份驗證。
數據庫結構如下所示:
id | username | password | email | activation_id | activated | disabled
我已經在$rows
陣列內的數據記錄到在其上跳過if($rows[0]['activated'] == '0')
和else if($rows[0]['disabled'] == '1')
一個認證請求一個文本文件,它看起來像以下內容:
Array
(
[0] => Array
(
[activated] => 0
[disabled] => 1
)
)
身份驗證功能:
// Authenticate account function
function authenticate_account($username, $password)
{
$mysqli = new mysqli($this->host, $this->username, $this->password, $this->database);
if(mysqli_connect_error())
{
exit();
return false;
}
$userDataSql = "SELECT activated, disabled FROM users WHERE username = ?";
$stmtData = $mysqli->prepare($userDataSql);
$stmtData->bind_param("s", $username);
$stmtData->execute();
$result = $stmtData->get_result();
$rows = array();
while($row = $result->fetch_assoc())
{
$rows[] = $row;
}
$stmtData->close();
if($rows[0]['activated'] == '0')
{
return 'activate';
}
else if($rows[0]['disabled'] == '1')
{
return 'disabled';
}
else
{
$userAuthVerificationSql = "SELECT password FROM users WHERE username = ?";
$stmtAuthVerification = $mysqli->prepare($userAuthVerificationSql);
$stmtAuthVerification->bind_param("s", $username);
$stmtAuthVerification->execute();
$stmtAuthVerification->bind_result($userHash);
while ($stmtAuthVerification->fetch())
{
if ($username !== false && password_verify($password, $userHash))
{
$mysqli->close();
return true;
}
else
{
$mysqli->close();
return false;
}
}
$stmtAuthVerification->close();
}
}
它處理返回值210
代碼:
$authenticate_account = $authenticate->authenticateAccount();
if($authenticate_account == true)
{
session_start();
$_SESSION['username'] = $username;
header('location: /authenticated/index.php');
exit();
}
else if($authenticate_account == 'activate')
{
echo '<div class="alert alert-danger" role="alert">Error, your account is not activated. Please activate it by clicking on the link in the sent email!</div>';
}
else if($authenticate_account == 'disabled')
{
echo '<div class="alert alert-danger" role="alert">Error, your account is dissabled. Please contact the support!</div>';
}
else
{
echo '<div class="alert alert-danger" role="alert">Error, wrong user/password combination. Please try again!</div>';
}
你確定嗎?請注意,一個字符串將在鬆散比較中評估爲「真」。你如何使用函數的返回值? – jeroen
更新了問題,現在包含返回處理 – lulz
將if($ authenticate_account == true)'更改爲'if($ authenticate_account === true)'因爲字符串evalutes爲true, 'disabled'== true – ili4