我正在尝试创建用户登录验证脚本。我有两页,其中一页叫做 checklogin.php,代码如下:
<?php
session_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="testdbpass"; // Mysql password
$db_name="test"; // Database name
$table = "users";
// Connect to server via PHP Data Object
$db = new PDO("mysql:host=localhost;dbname=test;", $username, $password);
$username = $_POST['username'];
$password = $_POST['password'];
if(isset($_POST['username']) && !empty($_POST['username'])
AND
isset($_POST['password']) && !empty($_POST['password']))
$pass = crypt($password . $row['salt']);
$statement->bindParam(':username', $username);
$query = ("SELECT * FROM $table WHERE username = :username");
$statement = $db->prepare($query);
$output = 'Login Error';
if ($statement->execute() && $row = $statement->fetch())
{
if ($row['password'] === $pass)
{
if ( $row['activated'] !== 0 ) {
$output = 'Not activiated wait for Administrator Approval';
$_SESSION['username'] = $username;
}
$output = 'Logged In';
}
}
echo $output;
$db = null;
?>
我有一个 register_script.php 页面,它是这个代码:
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="testdbpass"; // Mysql password
$db_name="test"; // Database name
// Connect to server via PHP Data Object
$dbh = new PDO("mysql:host=localhost;dbname=test;", $username, $password);
CRYPT_BLOWFISH or die ('No Blowfish found.');
//This string tells crypt to use blowfish for 15 rounds.
$Blowfish_Pre = '$2y$15$';
$Blowfish_End = '$';
// Blowfish accepts these characters for salts.
$Allowed_Chars =
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
$Chars_Len = 63;
$Salt_Length = 45;
$salt = "";
for($x=0;$x<5000;$x++)
{
$salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
}
$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;
$password = $_POST['password'];
$hashed_password = crypt($password, $bcrypt_salt);
// Insert statements with PDO
try {
$query = $dbh->prepare("INSERT INTO `users_blowfish` (username, email, fname, lname, salt, password)
VALUES (:username, :email, :first, :last, :salt, :hash)");
$params = array(
'username' => $_POST['username'],
'email' => $_POST['email'],
'first' => $_POST['fname'],
'last' => $_POST['lname'],
'salt' => $bcrypt_salt,
'hash' => $hashed_password);
$query->execute($params);
}
catch (PDOException $e) {
error_log($e->getMessage());
die("An error occured, contact admin");
}
$dbh= null;
?>
<html>
<body>
<p>
Thank you for registering your account. Please wait for administrator approval before doing anything else. Thank you - System Administrator.
</p>
</body>
</html>
我尝试登录,但在我的 apache2 错误文件状态中收到错误日志:
[2012 年 12 月 22 日星期六 11:47:36] [错误] [客户端桌面] PHP 解析错误:语法错误,第 23 行 /var/www/version2/checklogin.php 中的意外 T_VARIABLE,引用者:* http://localhost/version2/
*
我似乎无法确定这个问题。我已经参考了 php.net 关于如何使用 PDO 但无济于事。问题是由 checklogin.php 引起的,因为 register_script.php 工作正常(几天前测试过)。任何帮助都会很可爱,谢谢。
编辑1:
第 23 行闲置:$statement->bindParam(':username', $username);
编辑 2:可能导致问题的行:
`$pass = crypt($password . $row['salt']);
$statement->bindParam(':username', $username);
$query = ("SELECT * FROM $table WHERE username = :username");
$statement = $db->prepare($query);
$output = 'Login Error';`