0

我正在尝试让我的登录脚本使用 PDO 工作。我遇到的问题是,当用户输入他/她的用户名和密码时,即使密码正确,它也会转到显示不正确的代码部分。我可以做些什么来解决这个问题,我可以在哪里实现 PDO 错误以显示可能有助于诊断问题。

index.php 中的登录脚本

<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
    $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
    $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
    $password_login=md5($password_login);
    $db = new PDO('mysql:host=localhost;dbname=socialnetwork', 'root', 'abc123');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "SELECT id FROM users WHERE username = ':user_login' AND password = ':password_login' LIMIT 1";
    $db->prepare($sql);
    if ($db->execute(array(
    ':user_login' => $user_login,
    ':password_login' => $password_login))); {
        if ($sql->rowCount() > 0){
            while($row = $sql->fetch($sql)){
                $id = $row["id"];
            }
            $_SESSION["id"] = $id;
            $_SESSION["user_login"] = $user_login;
            $_SESSION["password_login"] = $password_login;
            exit("<meta http-equiv=\"refresh\" content=\"0\">");
        } else {
            echo 'Either the password or username you have entered is incorrect. Please check them and try again!';
            exit();
        }
    }
}
?>

索引.php

<? include("inc/incfiles/header.inc.php"); ?>
<?
$reg = @$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up Date
$u_check = ""; //Check if username exists
//registration form
$fn = @$_POST['fname'];
$ln = @$_POST['lname'];
$un = @$_POST['username'];
$em = @$_POST['email'];
$em2 = @$_POST['email2'];
$pswd = @$_POST['password'];
$pswd2 = @$_POST['password2'];
$d = date("y-m-d"); // Year - Month - Day

if ($reg) {
    if ($em==$em2) {
        // Check if user already exists
        $statement = $db->prepare('SELECT username FROM users WHERE username = :username');
            if ($statement->execute(array(':username' => $un))) {
                if ($statement->rowCount() > 0){
                    //user exists
                    echo "Username already exists, please choose another user name.";
                    exit();
                }
            }
                    //check all of the fields have been filled in
                        if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
                            //check that passwords match
                                if ($pswd==$pswd2) {
                                    //check the maximum length of username/first name/last name does not exceed 25 characters
                                        if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
                                            echo "The maximum limit for username/first name/last name is 25 characters!";
                                        }
                                        else
                                            {
                                                //check the length of the password is between 5 and 30 characters long
                                                    if (strlen($pswd)>30||strlen($pswd)<5) {
                                                        echo "Your password must be between 5 and 30 characters long!";
                                                    }
                                                    else
                                                        {
                                                            //encrypt password and password 2 using md5 before sending to database
                                                                $pswd = md5($pswd);

                                                                $pswd2 = md5($pswd2);

                                                                $db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
                                                                $sql = 'INSERT INTO users (username, first_name, last_name, email, password, sign_up_date)';
                                                                $sql .= 'VALUES (:username, :first_name, :last_name, :email, :password, :sign_up_date)';

                                                                $query=$db->prepare($sql);

                                                                $query->bindParam(':username', $un, PDO::PARAM_STR);
                                                                $query->bindParam(':first_name', $fn, PDO::PARAM_STR);
                                                                $query->bindParam(':last_name', $ln, PDO::PARAM_STR);
                                                                $query->bindParam(':email', $em, PDO::PARAM_STR);
                                                                $query->bindParam(':password', $pswd, PDO::PARAM_STR);
                                                                $query->bindParam(':sign_up_date', $d, PDO::PARAM_STR);

                                                                $query->execute();

                                                                $query=$db->prepare($sql);

                                                                $array = array(
                                                                ':username' => $un,
                                                                ':first_name' => $fn,
                                                                ':last_name' => $ln,
                                                                ':email' => $em,
                                                                ':password' => $pswd,
                                                                ':sign_up_date' => $d);
                                                                $query->execute($array);

                                                                die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
                                                        }
                                            }
                                }
                                else {
                                    echo "Your passwords do not match!";
                                }
                        }
                else
                    {
                        echo "Please fill in all fields!";
                    }
            }
    else {
        echo "Your e-mails don't match!";
    }
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
    $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
    $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
    $password_login=md5($password_login);
    $db = new PDO('mysql:host=localhost;dbname=socialnetwork', 'root', 'abc123');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "SELECT id FROM users WHERE username = ':user_login' AND password = ':password_login' LIMIT 1";
    $db->prepare($sql);
    if ($db->execute(array(
    ':user_login' => $user_login,
    ':password_login' => $password_login))); {
        if ($sql->rowCount() > 0){
            while($row = $sql->fetch($sql)){
                $id = $row["id"];
            }
            $_SESSION["id"] = $id;
            $_SESSION["user_login"] = $user_login;
            $_SESSION["password_login"] = $password_login;
            exit("<meta http-equiv=\"refresh\" content=\"0\">");
        } else {
            echo 'Either the password or username you have entered is incorrect. Please check them and try again!';
            exit();
        }
    }
}
?>
<table class="homepageTable">
        <tr>
            <td width="60%" valign="top">
             <h2>Already a member? Login below.</h2>
             <form action="index.php" method="post" name="form1" id="form1">
                <input type="text" size="25" name="user_login" id="user_login" placeholder="username" />
                <br />
                <input type="password" size="25" name="password_login" id="password_login" placeholder="password" />
                <br />
                <input type="submit" name="button" id="button" value="Login to your account!">
             </form>
            </td>
            <td width="40%" valign="top">
             <h2>Sign up below...</h2>
            <form action="#" method="post">
            <input type="text" size="25" name="fname" placeholder="First Name" value="<? echo $fn; ?>">
            <input type="text" size="25" name="lname" placeholder="Last Name" value="<? echo $ln; ?>">
            <input type="text" size="25" name="username" placeholder="Username" value="<? echo $un; ?>">
            <input type="text" size="25" name="email" placeholder="Email" value="<? echo $em; ?>">
            <input type="text" size="25" name="email2" placeholder="Re-enter Email" value="<? echo $em2; ?>">
            <input type="password" size="25" name="password" placeholder="password" value="<? echo $pswd; ?>">
            <input type="password" size="25" name="password2" placeholder="Re-enter Password" value="<? echo $pswd2; ?>"><br />
            <input type="submit" name="reg" value="Sign Up!">
            </form>
            </td>
        </tr>
</table>
</body>
</html>

注销.php

<?
session_start();
session_destroy();
header("Location: index.php");
?>

主页.php

<?
session_start();
$user = $_SESSION["user_login"];
//If the user is not logged in
if (!isset($_SESSION["user_login"])) {
    header("location: index.php");
    exit();
}
else
{
//If the user is logged in
echo "Hi, $user, You're logged in<br />Welcome to what is soon to be your NEWSFEED 
<a href=\"logout.php\">Logout?</a>
";
}
?>

header.inc.php

<?
include ("inc/scripts/db_connect.inc.php");
session_start();
if (!isset($_SESSION["user_login"])) {

}
else
{
header("location: home.php");
}
?>
<html>
<head>
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>Rebel Reach - PHS Student Social Network</title>
</head>
<body>
<div class="headerMenu">
      <div id="wrapper">
            <div class="logo">
                  <img src="img/find_friends_logo.png">
            </div>
            <div class="search_box">
                  <form method="get" action="search.php" id="search">
                  <input name="q" type="text" size="60" placeholder="Search..." />
                  </form>
            </div>
            <div id="menu">
                  <a href="#">Home</a>
                  <a href="#">About</a>
                  <a href="#">Sign Up</a>
                  <a href="#">Login</a>
            </div>
      </div>
</div>
<br />
<br />
<br />
<br />
4

3 回答 3

1

不是答案,而是对您的代码的一些建议,这些建议不适合评论。你可以大大减少你的代码;实际上你不应该经常重复功能......你可以减少:

$fn = ""; //First Name
$ln = ""; //Last Name
...
$fn = @$_POST['fname'];
$ln = @$_POST['lname'];
...

像这样写一半:

$fn = (!empty($_POST['fname'])) ? $_POST['fname'] : '';
$ln = (!empty($_POST['lname'])) ? $_POST['lname'] : '';
$un = (!empty($_POST['username'])) ? $_POST['username'] : '';
$em = (!empty($_POST['email'])) ? $_POST['email'] : '';
$em2 = (!empty($_POST['email2'])) ? $_POST['email2'] : '';
$pswd = (!empty($_POST['password'])) ? $_POST['password'] : '';
$pswd2 = (!empty($_POST['password2'])) ? $_POST['password2'] : '';

此外,尽管这需要一些其他更改,但您可以通过将其写入如下数组中来将其减少到几行:

// Retrieve user data
foreach (array('fname', 'lname', 'username', 'email', 'email2', 'password', 'password2') as $Value)
  $User[$Value] = (!empty($_POST[$Value])) ? $_POST[$Value] : '';
于 2013-03-05T16:24:38.397 回答
0

重新解决您的“致命错误:在 ... 第 110 行调用未定义的方法 PDO::execute()”问题:

“execute()”是 PDOStatement 中的一种方法,而不是 PDO,这就是为什么你的“$db->e​​xecute...”会爆炸的原因。

(我知道这应该是评论,但我还不允许。对不起)

于 2013-03-05T19:57:54.630 回答
0

我认为你的问题在这里:

"SELECT id FROM users WHERE username = ':user_login' AND password = ':password_login' LIMIT 1";

当您使用 PDO 准备方法时,例如?或:不要使用单引号 (')。

像这样纠正它:

"SELECT id FROM users WHERE username = :user_login AND password = :password_login LIMIT 1";

我希望现在它会起作用!

于 2013-03-05T16:18:56.820 回答