0

我目前正在关注 Youtube 上的一个名为 Register & Login/PHP tutorials 的教程,作者是来自 Phpacademy 的 Alex .. 在第 5 部分,这里是 login.php

<?php
include 'core/init.php';

if (empty($_POST) === false) { 

    $username = $_POST['username']; 
    $password = $_POST['password']; 

    if (empty($username) === true || empty($password) ===   true) {

        $errors[]  = 'You need to enter a username and password ';

    } else if (user_exists($username) === false) {
        $errors[] = 'We couldn\'t find that username. Have you registered?';
    } 
    else if (user_active($username) === false){
        $errors[] = 'You havn\'t activated your account!';  
    } 
    else  { 
        $login = login($username, $password);
        if ($login === false) {
            $error[] = 'That username/password combination is incorrect';
        } else {
        $_SESSION['user_id'] = $login;
        header('Location: index.php');
        exit();
        }
    } 

}

print_r($errors);

?>

这是users.php

<?php

function user_exists($username) { 
$username = sanitize($username); 
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '.$username'"), 0) == 1) ? true : false;
}

function user_active($username) { 
$username = sanitize($username); 
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '.$username'  AND `active` = 1 ") , 0 ) == 1 ) ? true : false;

}

function user_id_from_username($username){

    $username = sanitize($username);
    return mysql_result (mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username' "), 0, 'user_id');

}
function login($username, $password){

    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = md5($password);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '.$username' AND `password` = '.$password'"), 0) == 1) ? $user_id : false;
}
?>

这是输出Array ( [0] => We couldn't find that username. Have you registered? )

我是新来的,提前道歉

4

4 回答 4

0 
WHERE `username` = '.$username' AND `password` = '.$password'"

删除点

于 2013-09-23T19:17:45.693 回答
0

您的 SQL 查询将返回错误的结果。.jond否则,如果他们输入的用户名是,您将在您的数据库中搜索jond

return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '.$username'"), 0) == 1) ? true : false;

删除查询中的.之前$username$password中。

"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"
于 2013-09-23T19:18:15.297 回答
0

您的查询需要稍微调整一下。删除用户名前面的句点,因为它在双引号内

return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;

该文件中的其他查询也是如此。正如评论中提到的,您确实应该从已弃用的 mysql_* 函数切换到 PDO/mysqli 以便您的代码在未来的 PHP 版本中仍然可以工作,并且您不会对注入黑客持开放态度。

于 2013-09-23T19:18:29.213 回答
0

您的代码总体上非常可怕。你应该像这样嵌套你的 mysql 调用。像这样的嵌套意味着您认为数据库操作永远不会失败。这是一个非常糟糕的假设。

话虽如此,这至少是您的问题的一个来源:

return (...snip ... WHERE `username` = '.$username'"), 0) == 1) ? true : false;
                                        ^--- here

您已.在该查询中嵌入 a,使您的所有用户名看起来像.foo,而不仅仅是foo. 问题存在于user_exists(), user_active() AND login()中。

于 2013-09-23T19:19:07.167 回答