1. 首頁
  2. 問答
  3. PHP - if/else如果忽略數據庫結果以驗證請求

PHP - if/else如果忽略數據庫結果以驗證請求

2017-09-14 48 views
1

我試圖查找用戶數據,而用戶正試圖用我的mysql數據庫驗證他的帳戶。該功能會在開始密碼查找之前檢查用戶帳戶是否已禁用並已激活。PHP - if/else如果忽略數據庫結果以驗證請求

我的問題:即使我存儲值禁用行內,用戶仍然會進行身份驗證,即使壽if行應該return 'disabled';不應讓用戶進行身份驗證。

數據庫結構如下所示:

id | username | password | email | activation_id | activated | disabled

我已經在$rows陣列內的數據記錄到在其上跳過if($rows[0]['activated'] == '0')else if($rows[0]['disabled'] == '1')一個認證請求一個文本文件,它看起來像以下內容:

Array 
(
    [0] => Array 
     (
      [activated] => 0 
      [disabled] => 1 
     ) 
)

身份驗證功能:

// Authenticate account function 
function authenticate_account($username, $password) 
{ 
    $mysqli = new mysqli($this->host, $this->username, $this->password, $this->database); 

    if(mysqli_connect_error()) 
    { 
     exit(); 
     return false; 
    } 

    $userDataSql = "SELECT activated, disabled FROM users WHERE username = ?"; 
    $stmtData = $mysqli->prepare($userDataSql); 
    $stmtData->bind_param("s", $username); 
    $stmtData->execute(); 
    $result = $stmtData->get_result(); 
    $rows = array(); 

    while($row = $result->fetch_assoc()) 
    { 
     $rows[] = $row; 
    } 

    $stmtData->close(); 

    if($rows[0]['activated'] == '0') 
    { 
     return 'activate'; 
    } 
    else if($rows[0]['disabled'] == '1') 
    { 
     return 'disabled'; 
    } 
    else 
    { 
     $userAuthVerificationSql = "SELECT password FROM users WHERE username = ?"; 
     $stmtAuthVerification = $mysqli->prepare($userAuthVerificationSql); 
     $stmtAuthVerification->bind_param("s", $username); 
     $stmtAuthVerification->execute(); 
     $stmtAuthVerification->bind_result($userHash); 

     while ($stmtAuthVerification->fetch()) 
     { 
      if ($username !== false && password_verify($password, $userHash)) 
      { 
       $mysqli->close(); 
       return true; 
      } 
      else 
      { 
       $mysqli->close(); 
       return false; 
      } 
     } 

     $stmtAuthVerification->close(); 
    } 
}
它處理返回值210

代碼:

$authenticate_account = $authenticate->authenticateAccount(); 

if($authenticate_account == true) 
{ 
    session_start(); 
    $_SESSION['username'] = $username; 
    header('location: /authenticated/index.php'); 
    exit(); 
} 
else if($authenticate_account == 'activate') 
{ 
    echo '<div class="alert alert-danger" role="alert">Error, your account is not activated. Please activate it by clicking on the link in the sent email!</div>'; 
} 
else if($authenticate_account == 'disabled') 
{ 
    echo '<div class="alert alert-danger" role="alert">Error, your account is dissabled. Please contact the support!</div>'; 
} 
else 
{ 
    echo '<div class="alert alert-danger" role="alert">Error, wrong user/password combination. Please try again!</div>'; 
}

來源

2017-09-14 lulz

+0

你確定嗎?請注意,一個字符串將在鬆散比較中評估爲「真」。你如何使用函數的返回值? – jeroen

+0

更新了問題,現在包含返回處理 – lulz

+0

將if($ authenticate_account == true)'更改爲'if($ authenticate_account === true)'因爲字符串evalutes爲true, 'disabled'== true – ili4

回答

1

這是你的問題:

if($authenticate_account == true)

需要注意的是:

if('any non-empty string' == true)

將評估爲true,因此適用於幾乎所有的的回報值,true,'disabled''activate'

使用===而不是==來避免這種情況;然後檢查true值和boolean類型。

來源

2017-09-14 12:45:05 jeroen

+1

它工作!哇,我不知道。每天學習新東西。謝謝! – lulz

0

嘗試掰你的代碼(這也避免了嵌套):

if (!$rows[0]['activated']) 
    return 'activate'; 
else if ($rows[0]['disabled']) 
    return 'disabled'; 

*Do the authentication here

它會檢查,如果該行被激活,如果它被禁用。如果通過,您將繼續運行身份驗證內容。

來源

2017-09-14 12:49:36

相關問題

 相關問題