MySQL 登录系统未从数据库中获取结果
MySQL Login System doesn't get Results form the database
<?php
session_start();
include 'dbh.inc.php'; //The connection ($conn) is working
$errors = array();
//Login
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password_1 = $_POST['password_1'];
if (empty($username)) {
array_push($errors, 'enter username');
}
if (empty($password_1)) {
array_push($errors, 'enter password');
}
if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
array_push($errors, 'username not correct');
$username = "";
}
if (count($errors) == 0){ //The error is in this if condition
$password = password_hash($password_1, PASSWORD_DEFAULT);
$query = "SELECT * FROM users WHERE uidUsers=? AND pwdUsers=?";
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $query);
mysqli_stmt_bind_param($stmt,'ss', $username, $password);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$result = mysqli_stmt_num_rows($stmt);
if (mysqli_num_rows($result) == 1){
$_SESSION['uidUsers'] = $username;
$idUsers_query = "SELECT idUsers FROM users WHERE uidUsers=? AND pwdUsers=?";
$idUsers_stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($idUsers_stmt, $idUsers_query);
mysqli_stmt_bind_param($idUsers_stmt,'ss', $username, $password);
mysqli_stmt_execute($idUsers_stmt);
mysqli_stmt_store_result($idUsers_stmt);
$idUsers_result = $idUsers_stmt->get_result();
$_SESSION['idUsers'] = $idUsers_result;
$username = "";
header("Location: https://...");
}
else{
array_push($errors,'username or password not correct');
}
}
}
?>
我的登录系统无法正常工作,因为我没有从我的数据库中获得结果或正确的结果。可能是因为数据库不接受“mysqli_stmt_store_result()”,但如果打开了 mysqlnd,我将无法查找(我的提供者无法更改它)。那么是我代码有误还是数据库有问题?
你不应该这样做:
$password = password_hash($password_1, PASSWORD_DEFAULT);
$query = "SELECT * FROM users WHERE uidUsers=? AND pwdUsers=?";
password_hash()
每次 运行 都不会产生相同的散列。
你应该运行查询uid,取回密码,然后使用password_verify()
。
我不使用 mysqli,所以我不适合使用它的各种选项。当您通过代码回显各种调试点时,它达到了多远?
你似乎 运行 两次相同的查询,而且你第一次使用 $idUsers_stmt
绑定参数时尽管它当时不存在。我想这会停止工作,但你可以很容易地调试它。
<?php
session_start();
include 'dbh.inc.php'; //The connection ($conn) is working
$errors = array();
//Login
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password_1 = $_POST['password_1'];
if (empty($username)) {
array_push($errors, 'enter username');
}
if (empty($password_1)) {
array_push($errors, 'enter password');
}
if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
array_push($errors, 'username not correct');
$username = "";
}
if (count($errors) == 0){ //The error is in this if condition
$password = password_hash($password_1, PASSWORD_DEFAULT);
$query = "SELECT * FROM users WHERE uidUsers=? AND pwdUsers=?";
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $query);
mysqli_stmt_bind_param($stmt,'ss', $username, $password);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$result = mysqli_stmt_num_rows($stmt);
if (mysqli_num_rows($result) == 1){
$_SESSION['uidUsers'] = $username;
$idUsers_query = "SELECT idUsers FROM users WHERE uidUsers=? AND pwdUsers=?";
$idUsers_stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($idUsers_stmt, $idUsers_query);
mysqli_stmt_bind_param($idUsers_stmt,'ss', $username, $password);
mysqli_stmt_execute($idUsers_stmt);
mysqli_stmt_store_result($idUsers_stmt);
$idUsers_result = $idUsers_stmt->get_result();
$_SESSION['idUsers'] = $idUsers_result;
$username = "";
header("Location: https://...");
}
else{
array_push($errors,'username or password not correct');
}
}
}
?>
我的登录系统无法正常工作,因为我没有从我的数据库中获得结果或正确的结果。可能是因为数据库不接受“mysqli_stmt_store_result()”,但如果打开了 mysqlnd,我将无法查找(我的提供者无法更改它)。那么是我代码有误还是数据库有问题?
你不应该这样做:
$password = password_hash($password_1, PASSWORD_DEFAULT);
$query = "SELECT * FROM users WHERE uidUsers=? AND pwdUsers=?";
password_hash()
每次 运行 都不会产生相同的散列。
你应该运行查询uid,取回密码,然后使用password_verify()
。
我不使用 mysqli,所以我不适合使用它的各种选项。当您通过代码回显各种调试点时,它达到了多远?
你似乎 运行 两次相同的查询,而且你第一次使用 $idUsers_stmt
绑定参数时尽管它当时不存在。我想这会停止工作,但你可以很容易地调试它。