dpeqsfx5186
2018-08-29 14:50
浏览 52
已采纳

无法使用OOP PHP登录(准备好的声明)

Recently I've been struggling in creating Login System using OOP PHP with Prepared Statement. When I clicked the login button after inputted the correct username and password, it still validate that I inputted the wrong username and password. Here's my code. Any help would be appreciated. Thanks!

login.php

<?php 
    require_once 'templates/header.php';
?>

<link rel="stylesheet" type="text/css" href="styles/login-style.css">

<script type="text/javascript" src="https://code.jquery.com/jquery- 
3.3.1.min.js"></script>

<script type="text/javascript">

$(document).ready(function(){
    $('#login').click(function(event){
        event.preventDefault();
        var username = $('#usernameID').val();
        var password = $('#passwordID').val();

        $.post("validation/validation_login.php",{
            user_val : username,
            password_val : password,

        },function(data){
            $('.error-message').html(data);
        });
    });
});

</script>

<title>Login</title>
<form>
    <h1>Login</h1>
    <input type="text" id="usernameID" name="username" 
    placeholder="Username" autocomplete="off"> <br>

    <input type="password" id="passwordID" name="password" 
    placeholder="Password" autocomplete="off"> <br>

    <input type="button" id="login" name="register-button" value="Login">

</form>

<div class="error-message">

</div>

<?php 
    require_once 'templates/footer.php';
?>

validation_login.php

<?php 

    require_once '../classes/input.php';
    require_once '../classes/session.php';
    require_once '../classes/database.php';

    class validation_login{

        private $username,$password;
        public $errorMessage;

        public function validate_login(){
            $db = new database();
            $this->username = input::get('user_val');
            $this->password = input::get('password_val');

            if(empty($this->username) || empty($this->password)){
                $this->errorMessage = "Please fill all the fields!";
                return false;
            }else if(!$db->login()){
                $this->errorMessage = "Invalid username or password!";
                return false;
            }else{
                session::set('username',$this->username);
                header('Location: index.php');
                return true;
            }
        }
    }

    $validate_login = new validation_login();
    $validate_login->validate_login();

    echo "$validate_login->errorMessage";

?>

database.php

<?php 

    class database{

        //db_initialization
        private $HOST = 'localhost',
        $USERNAME = 'root',
        $PASSWORD = '',
        $DBNAME = 'auth',
        $connect;

        //db_insert
        private $usernameInput,
        $firstnameInput,
        $lastnameInput,
        $passwordInput,
        $hashedPassword;

        public function __construct(){
            $this->connect = new mysqli($this->HOST,$this->USERNAME,   
            $this->PASSWORD,$this->DBNAME) or die('connection error');
        }

        public function insert_data(){
            $sql = "INSERT INTO users 
            (username,first_name,last_name,password) VALUES (?,?,?,?)";
            if($statement = $this->connect->prepare($sql)){
                $this->usernameInput = input::get('user_val');
                $this->firstnameInput = input::get('first_name_val');
                $this->lastnameInput = input::get('last_name_val');
                $this->passwordInput = input::get('password_val');
                $this->hashedPassword = password_hash( $this->passwordInput,                 
                PASSWORD_DEFAULT);

                $statement->bind_param("ssss",$this->usernameInput,    
                $this- >firstnameInput,$this->lastnameInput,           
                $this->hashedPassword);
                $statement->execute();
            }
        }

        public function validate_same_username(){
            $sql_same_username = "SELECT username FROM users WHERE   
            username = ?";
            if($statement_same_username =                              
            $this->connect->prepare($sql_same_username)){                             
                $this->usernameInput = input::get('user_val');
                $statement_same_username->bind_param("s",              
                $this->usernameInput);
                $statement_same_username->execute();
                $result = $statement_same_username->get_result();
                $num_rows = $result->num_rows;

                if($num_rows > 0){
                    return false;
                }else{
                    return true;
                }
             }
         }

        public function login(){
            $sql_login = "SELECT username , password FROM users WHERE 
            username = ?";
            if($statement_login = $this->connect->prepare($sql_login)){

                $this->usernameInput = input::get('user_val');
                $this->passwordInput = input::get('password_val');

                $statement_login->bind_param("s",                     
                $this->usernameInput);
                $statement_login->execute();

                //get hashed password from database
                $statement_login->bind_result($username,$password);
                if(password_verify($this->passwordInput,$password)){
                    return true;
                }else{
                    return false;
                }
            }
        }
    }

?>

session.php

<?php 
    class session{

        public static function set($name,$value){
            return $name = $_SESSION[$value];
        }

        public static function get($name){
            return $_SESSION[$name];
        }

        public static function exists($name){
            if(isset($_SESSION[$name])){
                return true;
            }else{
                return false;
            }
        }

    }
?>

input.php

<?php 

    class input{

        public static function get($name){
            if(isset($_POST[$name])){
                return $_POST[$name];
            }else if(isset($_GET[$name])){
                return $_GET[$name];
            }else{
                return false;
            }
        }
    }
?>
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dqch34769 2018-08-29 15:01
    已采纳

    looks like you are getting the user_val to the password field at validation_login.php

    $this->password = input::get('user_val');
    from your code it should be
    $this->password = input::get('password_val'); i will start be changing to this line

    edit to my initial answer:

    you also can't use password_hash() (see return value section password_hash) to check if the password equal, you need to use password_verify to check if the password is equal in the login function

    change your query to get the hashed password from the database and then compare it to the input password from the user with the password_verify

            $sql_login = "SELECT username , password FROM users WHERE 
            username = ? ";
    
            if(password_verify($this->passwordInput,$hashedPasswordFromDB)){
                return true;
            }else{
                return false;
            }
    

    also check if you password column in the database in long enough to store the whole password length, and make sure you username is unique

    已采纳该答案
    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题