0

嘿伙计们,stackoverflow 上的每个人都在让我的注册页面正常工作和安全方面提供了很大的帮助退出我的登录页面,因为低,看教程又一次失败了..

这是我的注册页面的代码......它工作得很好,它将信息保存到数据库并加密密码......

<?php

if(isset($_POST['username']) && isset($_POST['password']))
{
   $db =connect('******','******');
   if($db!=false)
{
   register($db);
   echo "User registered";
}

}

function connect($dbuser,$dbpassword)
{
    try{
        $db = new  PDO('mysql:host=localhost;dbname=login',$dbuser,$dbpassword);
        return $db;
    }catch(PDOException $e){
        echo $e;
        return false;}
}

function register($db)
{
    $user = mysql_real_escape_string($_POST['username']);
    $password = shal($_POST['password']);
    $email = mysql_real_escape_string($_POST['e_mail']);

    $query = "INSERT INTO members(username,password,email) values('".$user."','".$password."','".$email."')";
    try{
        $db->eginTransaction();
        $db->exec($query);
        $db->commit();
        echo "commit succesful";
    }catch(Exception $e){}
}




?>


<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="http://localhost/projects/login/rigister/php" method="post">
username:<input type="text" name="username"/>
password:<input type="password" name="password"/>
email<input type="text" name="e_mail"/>
<input type="submit"/>

</form>


</body>
</html>

这是不适用于我的登录页面的代码.....

<?php

session_start();

if(isset($_SESSION['user']))
{
echo "WELCOME you are logged in";   
}

if(isset($_POST['user']) && isset($_POST['password']))
{
$user = mysql_real_escape_string($_POST['username']);
$password = shal1($_POST['password']);

$db = connect('******','******');
$eval = validate($db,$username,$password);
}
if($eval!=false)
{
    echo "Welcome ".$eval; 
    $_SESSION['username']=$eval;
    }


function connect($dbuser,$dbpassword)
{
    try{
        $db = new PDO('mysql:host=localhost;dbname=jsnow_login',    '*****' , '*****');
        return $db;
    }catch(PDOException $e){
        echo $e;
        return false;}
}

function validate($db, $user,$password)
{
    $username=false;
    $query = "Select username,password FROM jsnow_members where username  ='".$username."' AND password = '".$password."'";
        try{
            $db->beginTransaction();
            $result = $db->query($query);

            foreach($result as $row)
            {
                $username = $row['username'];   
            }
            $db->commit();

            return $username;
        }catch(Exception $e){}
}



?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form action="http://vps8383.inmotionhosting.com/~jsnow/login.php">
username: <input type="text" name="username"/>
password: <input type="password" name="password"/>
<input type="submit"/>
</body>
</html>

...... 数据库名称是 jsnow_members,字段是用户名、密码和电子邮件

4

1 回答 1

0

好吧,我相信这将是问题所在:

function validate($db, $user,$password) {
    $username=false;
    $query = "Select username,password FROM jsnow_members where username  ='".$username."' AND password = '".$password."'";

在这里,您正在查询数据库中的username = false. 您已将 username 变量传递为$user,因此您应该将其更改为

$query = "Select username,password FROM jsnow_members where username  ='".$user."' AND password = '".$password."'";

除此之外,由于您没有修改任何数据,因此不需要事务。

编辑:为了进一步解决您的问题,我重写了您的validate函数:

function validate($db, $user,$password) {
    $query = "Select username,password FROM jsnow_members where username  ='".$username."' AND password = '".$password."'";
    $stmt = $db->query($query);
    if ($stmt === false) return false;
    return $stmt->fetchColumn();
}
于 2013-10-17T00:15:30.517 回答