1

我不知道如何解决这个错误。如果用户输入错误的输入,我会在用户登录时得到一个空白页面。如果他们输入数据库中不存在的信息。请帮忙 :)

登录.php

<?php 
 include ("base.php");
 include ("passwordchecker.php");
 include ("functions.php");

    $error = "";

    function postInput($htmlName)
    {
        if(isset($_POST[$htmlName]))
        {
            return $_POST[$htmlName];
        }
        return null;
    }

    //check if the user is already login.
            if(isset($_SESSION['userid']))
            {
                //check the database for existing user.
                $usercheck = $mysqli->prepare("SELECT * FROM user WHERE userid = ?");
                $usercheck->bind_param("i",$_SESSION['userid']);
                $usercheck->execute();
                $usercheck->store_result();
                $results = $usercheck->num_rows;
                if($results == 1)
                {
                    redirect("languages.php");
                }
            }

    $loginusername = postInput('username');
    $loginpassword = postInput('password');



    if(isset($_POST['submit']))
    {

        if($loginusername == "" || $loginpassword == "")
        {
            $error = "Please Enter your user name and password";

        }
        else
        {
                //user isnt logged in
                if($stmt = $mysqli->prepare("SELECT userid, password FROM user WHERE username = ? LIMIT 1"))
                {
                    $stmt->bind_param("s",$loginusername);
                    $stmt->execute();
                    $stmt->bind_result($userid,$correctHash);
                    $stmt->fetch();
                    if(ValidatePassword($loginpassword,$correctHash))
                    {
                        $_SESSION['userid'] = $userid;
                        redirect('languages.php');
                    }
                    die();
                    $stmt->close();
                }
                else
                {
                    $error = "You dont exist in Database."
                }
        }
    }



?>

密码检查器.php

<?php
    function HashPassword($password)
    {
        $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
        $hash = hash("sha256", $salt . $password);
        $final = $salt . $hash;
        return $final;
    }

    function ValidatePassword($password, $correcthash)
    {
        $salt = substr($correcthash, 0, 64);
        $validhash = substr($correcthash, 64, 64);

        $testhash = hash("sha256", $salt . $password);

        return $testhash == $validhash;
    }
?>

函数.php

<?php
    function redirect($page)
    {
        header("Location: " . $page);
        exit();
    }
?>

基础.php

 <?php
        session_start();

        $dbhost = "localhost";
        $dbname = "login";
        $dbuser = "root";
        $dbpass = "DirectedStudies2012";

    $mysqli = new mysqli($dbhost,$dbuser,$dbpass,$dbname);
?>
4

3 回答 3

2

您必须在以下条件中添加一个 else

            if(ValidatePassword($loginpassword,$correctHash))
            {
                $_SESSION['userid'] = $userid;
                redirect('languages.php');
            }

IE

            if(ValidatePassword($loginpassword,$correctHash))
            {
                $_SESSION['userid'] = $userid;
                redirect('languages.php');
            } else {
                redirect('backtoyourloginscreen.php');
            }

PS: $error = "你不存在于数据库中。" 缺少一个分号;)

于 2012-05-21T13:31:48.867 回答
0

尝试使用header("Location: ".your page)代替die()语句。

于 2012-05-21T13:37:16.050 回答
0

快速扫描您的代码,您似乎跟踪了一个 $error 变量,但并没有真正输出它。尝试回显它以将其发送给您的客户。

echo $error;
于 2012-05-21T13:24:11.530 回答