0

我又来了,我真的找不到原因的更多问题。

下面的代码正在产生:“问题”,这意味着第一个 IF 语句是假的,应该是真的。

PHP:

function login($email, $password, $mysqli) {
    //Use prepared statements to stop SQL Injection
    if ($stmt = $mysqli->prepare("SELECT id, email, password, salt, perms FROM users WHERE email = ? LIMIT = 1")) {
        $stmt->bind_param('s', $email); //Bind "$email" to paramater
        $stmt->execute(); //Execute the query
        $stmt->store_result();
        $stmt->bind_result($user_id, $email, $db_password, $salt, $perms); //get variables from result
        $stmt->fetch();
        $password = hash('sha512', $password.$salt); //hash the password with the unique salt

        if ($stmt->num_rows == 1) { //If user exists
            //Check that user account isn't locked
            if (checkbrute($user_id, $mysqli) == true) {
                //Account is locked, alert user
                return false;
            } else {
                if ($db_password == $password) { //Check that passwords match
                    //matches
                    echo "matches";
                }
            }
        } else {
            echo "No user found!";  
        }
    } else { 
        echo "Issue";
    }
}

$email 和 $password 不为空,$mysqli 是数据库对象。有任何想法吗?我根本想不通,对我来说一切都很好。

4

2 回答 2

3

你真的应该添加mysql错误报告。它会告诉您在您的查询中存在问题LIMIT = 1

查询应该是:

SELECT id, email, password, salt, perms FROM users WHERE email = ? LIMIT 1

要添加错误报告,请将其更改echo "issue";为:

echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
于 2013-11-13T19:34:07.177 回答
3

Limit = 1应该是LIMIT 1。这是if更正后的:

if ($stmt = $mysqli->prepare("SELECT id, email, password, salt, perms FROM users WHERE email = ? LIMIT 1"))
于 2013-11-13T19:34:15.547 回答