douhuang4166 2015-03-24 21:14
浏览 37
已采纳

PHP不返回数据库项

I am trying to fill a varialble $login with the users user_id so I can use sessions, however the query does not return the user_id to fill the $login with.

users.php

<?php
function user_exists($username, $con) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username'");
    return(mysqli_affected_rows($con) == 1) ? true : false;
}

function user_active($username, $con) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `active` = 1");
    return(mysqli_affected_rows($con) == 1) ? true : false;
}

function user_id_from_username ($username, $con) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username'");
    return mysqli_affected_rows($con) ? 0 : 'user_id';
}

function login($username, $password, $con) {
    $user_id = user_id_from_username($username, $con);
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    $password = md5($password);
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
    return (mysqli_affected_rows($con) == 1) ? $user_id : false;
}
?>

login.php

<?php
include 'core/init.php';

if (empty($_POST) === false) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    if (empty($username) === true || empty($password) === true)  {
        $errors[] = 'You need to enter a username and password';
    } else if (user_exists($username, $con) === false) {
        $errors[] = 'We can\'t find that username. Have you registered?';
    } else if (user_active($username, $con) === false) {
        $errors[] = 'You have not activated your account. Please see the instructions.';
    } else {
        $login = login($username, $password, $con);

        if ($login === false) {
            $errors [] = 'That username and password combination is incorrect;';
        } else {
            echo 'hi';
            die($login);
            $_SESSION['user_id'] = $login;
        }
    }

    print_r($errors);
}
?>

Init.php

<?php 
session_start();
//error_reporting(0);
require 'database/connect.php';
require 'functions/users.php';
require 'functions/general.php';
$errors = array();
?>
  • 写回答

1条回答 默认 最新

  • douerqu2319 2015-03-24 21:40
    关注

    When you get your userid you are returning the wrong value:

    function user_id_from_username ($username, $con) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username'");
    return mysqli_affected_rows($con) ? 0 : 'user_id';
}

    This function will return a 0 (if affected_rows is not 0) or the string 'user_id' (if affected rows is 0). First off I think the logic is probably reversed (0 vs non-zero) and secondly I think you really want to return an actual user_id instead of just the string 'user_id'.

    Then in your login function:

    function login($username, $password, $con) {
    $user_id = user_id_from_username($username, $con);
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    $password = md5($password);
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
    return (mysqli_affected_rows($con) == 1) ? $user_id : false;
}

    You get this 0 or 'user_id' (string) into $user_id and then ignore it until the very end when you return either that value or a false. Since the logic was reversed on the return value of the previous function, then on a successful login your $user_id contains the 0 (which is boolean false in PHP) and so this function is returning either a 0 or a false from login - both of them are false so login() is returning false. But specifically in the case of a good login you are returning a 0 which then isn't going to look like a valid ID to put into your session and, if you get it there, isn't going to compare well because of the whole situation of zero being evaluated to boolean false.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 求解vmware的网络模式问题 别拿AI回答
  • ¥24 EFS加密后,在同一台电脑解密出错,证书界面找不到对应指纹的证书,未备份证书,求在原电脑解密的方法,可行即采纳
  • ¥15 springboot 3.0 实现Security 6.x版本集成
  • ¥15 PHP-8.1 镜像无法用dockerfile里的CMD命令启动 只能进入容器启动,如何解决?(操作系统-ubuntu)
  • ¥30 请帮我解决一下下面六个代码
  • ¥15 关于资源监视工具的e-care有知道的嘛
  • ¥35 MIMO天线稀疏阵列排布问题
  • ¥60 用visual studio编写程序,利用间接平差求解水准网
  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?