0

我正在尝试创建用户登录验证脚本。我有两页,其中一页叫做 checklogin.php,代码如下:

<?php 
session_start();

$host="localhost"; // Host name
$username="root"; // Mysql username
$password="testdbpass"; // Mysql password
$db_name="test"; // Database name
$table = "users";

// Connect to server via PHP Data Object
$db = new PDO("mysql:host=localhost;dbname=test;", $username, $password);

$username = $_POST['username'];
$password = $_POST['password'];


if(isset($_POST['username']) && !empty($_POST['username']) 
AND
isset($_POST['password']) && !empty($_POST['password']))

$pass = crypt($password . $row['salt']);
$statement->bindParam(':username', $username);
$query = ("SELECT * FROM $table WHERE username = :username");
$statement = $db->prepare($query);
$output = 'Login Error';

if ($statement->execute() && $row = $statement->fetch())

{
    if ($row['password'] === $pass)

        {
        if ( $row['activated'] !== 0 ) {
        $output = 'Not activiated wait for Administrator Approval';
        $_SESSION['username'] = $username;
        }
        $output = 'Logged In';
        }
    }

    echo $output;

   $db = null;
   ?>

我有一个 register_script.php 页面,它是这个代码:

<?php 

$host="localhost"; // Host name
$username="root"; // Mysql username
$password="testdbpass"; // Mysql password
$db_name="test"; // Database name

// Connect to server via PHP Data Object
$dbh = new PDO("mysql:host=localhost;dbname=test;", $username, $password);

CRYPT_BLOWFISH or die ('No Blowfish found.');

//This string tells crypt to use blowfish for 15 rounds.
$Blowfish_Pre = '$2y$15$';
$Blowfish_End = '$';

// Blowfish accepts these characters for salts.
$Allowed_Chars =
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
$Chars_Len = 63;


$Salt_Length = 45;
$salt = "";

for($x=0;$x<5000;$x++)
{
$salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
}
$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;

$password = $_POST['password'];

$hashed_password = crypt($password, $bcrypt_salt);

// Insert statements with PDO 

try {
$query = $dbh->prepare("INSERT INTO `users_blowfish` (username, email,   fname, lname,   salt, password) 
                           VALUES (:username, :email,   :first, :last, :salt, :hash)");

    $params = array(
                    'username' => $_POST['username'],
                    'email' => $_POST['email'], 
                    'first' => $_POST['fname'],
                    'last' => $_POST['lname'],
                    'salt' => $bcrypt_salt,
                    'hash' => $hashed_password);

        $query->execute($params);

}

catch (PDOException $e) {
    error_log($e->getMessage());
    die("An error occured, contact admin");
}

$dbh= null;

?>

 <html>
<body>
    <p> 
        Thank you for registering your account. Please wait for   administrator approval before doing anything else. Thank you - System Administrator. 
    </p>
</body>
</html> 

我尝试登录,但在我的 apache2 错误文件状态中收到错误日志:

[2012 年 12 月 22 日星期六 11:47:36] [错误] [客户端桌面] PHP 解析错误:语法错误,第 23 行 /var/www/version2/checklogin.php 中的意外 T_VARIABLE,引用者:* http://localhost/version2/*

我似乎无法确定这个问题。我已经参考了 php.net 关于如何使用 PDO 但无济于事。问题是由 checklogin.php 引起的,因为 register_script.php 工作正常(几天前测试过)。任何帮助都会很可爱,谢谢。

编辑1:

第 23 行闲置:$statement->bindParam(':username', $username);

编辑 2:可能导致问题的行:

`$pass = crypt($password . $row['salt']);
 $statement->bindParam(':username', $username);
 $query = ("SELECT * FROM $table WHERE username = :username");
 $statement = $db->prepare($query);
 $output = 'Login Error';`
4

1 回答 1

3

您正在使用 $db->prepare() 两次,但您应该只使用一次,如下所示:

$query = "SELECT * FROM $table WHERE username = :username";
$statement = $db->prepare($query);

并确保您没有忘记这种情况下的花括号:

if(isset($_POST['username']) && !empty($_POST['username']) 
AND
isset($_POST['password']) && !empty($_POST['password']))
于 2012-12-22T17:17:36.150 回答