0

我已经为此奋斗了 5 个小时,现在我的登录脚本没有返回任何内容。起初它允许有错误信息的人登录;我做了一些更改,它开始拒绝所有用户,即使是那些登录信息正确的用户。我删除了我的密码条件,它正确地检索了用户。然后我再次删除了用户名条件并将其替换为密码条件,它检索了所有具有相同密码的用户,但是当我同时满足这两个条件时null,它返回错误或正确的凭据......

<?php
  include( '../config.php' );

  session_start();
  if( isset( $_POST['login'] ) ) {
    $username = $_POST['username'];
    $password = mysql_real_escape_string(stripslashes($_POST['password']));     
    $salt = "ghvhgcfchgvbhvgkhbh";
    echo $username.'<br>';
    try{
      $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
      $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
      $sql = "SELECT * FROM users WHERE username = :username And password = :password LIMIT 1";

      $stmt = $con->prepare( $sql );
      $stmt->bindValue( "username", $username, PDO::PARAM_STR );
      $stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
      $stmt->execute();

      $valid = $stmt->fetch();
      echo '<br> it fetches'.$valid['username'];
      print_r($valid);
      $con = null;
      if( $valid ) {
        echo '<br> its valid';
        print_r($valid);
        $_SESSION['user'][0] = $valid['username'];
        if (isset( $_SESSION['errors'] )){unset($_SESSION['errors']);}
        //if(!empty($_SESSION['LogUrl'])){header("Location: ../{$_SESSION['LogUrl']}");}
        else{header("Location:   ../index.php"); }
      } else {
        $_SESSION['errors'] = 'AuthLogin';
        header("Location: AuthPage.php");
      }
    }
    catch (PDOException $e) {
      echo "chian ".$e->getMessage();
    }
  } else {
    echo 'Oops SeEye went blind!!!';
  }
?>

这是我的注册脚本,以防万一我的密码发生更改,我也没有注意到...

<?php
   include( '../config.php' );
   //Include The Database Connection File 

   if( (isset( $_POST['register'] )) && empty($_SESSION['user']))//If a username has been submitted 
    {
     $username = $_POST['usernam'];//Some clean up :)
     $password = $_POST['password'];//Some clean up :)
     $salt = "ghvhgcfchgvbhvgkhbh";

   try{
     $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
     $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
     $sql = "SELECT * FROM users WHERE username='.$username.'";

     $stmt = $con->prepare( $sql );

     $stmt->execute();

     $row  = $stmt-> fetch();
     $con = null;
     if( !$row) {
             try {
                $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
                $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
                $sql = "INSERT INTO users(username, password, Date_Joined) 
                VALUES(:username, :password,   :Date_Joined)";

    $stmt = $con->prepare( $sql );
    $stmt->bindValue( "username", $username, PDO::PARAM_STR );
    $stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
    $stmt->bindValue( "Date_Joined", date("Y-m-d"), PDO::PARAM_STR );
    $stmt->execute();
    $con = null;
    session_start();
    $_SESSION['user'][0] = $_POST['usernam'];
    if (isset( $_SESSION['errors'] )){unset($_SESSION['errors']);}
      if(!empty($_SESSION['LogUrl'])){header("Location: {$_SESSION['LogUrl']}");}
       else{header("Location: ../index.php"); }
   }catch( PDOException $e ) {
      echo $e->getMessage();
    }
   }
    else
       {
         echo '0ops something went wrong';//No Record Found - Username is available 
       }
  }catch (PDOException $e) {
  echo $e->getMessage();
  }
 } else {
     echo 'Oops SeEye went blind!!!';
   }
 ?>

再次提前谢谢你

4

0 回答 0