douzhi0107 2016-04-28 04:31
浏览 19
已采纳

制作首次登录系统。 选择SQL列不起作用?

I am attempting to make my first login system. For some reason when I try to get the password from my database it doesn't give a value? I'm not sure what I'm doing wrong. The error is somewhere between $sql and $db_password.

@LFlare Im not sure what the DESC users thing is. Here is a picture of the table, I wasn't sure how you wanted it. http://i.imgur.com/WkZV7IZ.png

Thanks!

    <?php
    session_start();

    if (isset($_POST['login'])) {
        include_once("db.php");
        $username = strip_tags($_POST['username']);
        $password = strip_tags($_POST['password']);

        $username = stripslashes($username);
        $password = stripslashes($password);

        $username = mysqli_real_escape_string($db, $username);
        $password = mysqli_real_escape_string($db, $password);

        $password = md5($password);

        $sql = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
        $query = mysqli_query($db, $sql);
        $row = mysqli_fetch_array($query);
        $id = $row['id'];
        $db_password = $row['password'];

        //echo "Password: $password";
        //echo "DB Password: $db_password";

        if ($password == $db_password) {
            $_SESSION['username'] = $username;
            $_SESSION['id'] = $id;
            header("Location: index.php");
        } else {
            echo "You didn't enter the correct details!";
        }
    }
?>

<!DOCTYPE html>
<html>
    <head>
        <title>Login</title>
    </head>
    <body>
        <h1>Login</h1>
        <form action="login.php" method="post" enctype="multipart/form-data">
            <input placeholder="Username" name="username" type="text" autofocus>
            <input placeholder="Password" name="password" type="password">
            <input name="login" type="submit" value="Login">
        </form>
    </body>
</html>
  • 写回答

2条回答 默认 最新

  • dpoh61610 2016-04-28 04:40
    关注

    Your PHP

    <?php
    session_start();

    if (isset($_POST['username']) && isset($_POST['password'])) {
        include_once("db.php");
        $username = mysqli_real_escape_string($sqlcon, $_POST['username']);
        $password = mysqli_real_escape_string($sqlcon, $_POST['password']);
        // If you want to make sure username is alphanumeric, you can do
        // $username = preg_replace('/[^a-zA-Z0-9]/', '', mysqli_real_escape_string($sqlcon, $_POST['username']));

        // Do not use these, mysqli_real_escape_string is enough to prevent injection attacks. Furthermore, you may be compromising user security by remove special characters in passwords.
        // $username = strip_tags($_POST['username']);
        // $password = strip_tags($_POST['password']);
        // $username = stripslashes($username);
        // $password = stripslashes($password);

        // $password = md5($password); This is very susceptibile to rainbow table attacks, do something like a loop
        for ($i = 0; $i < 1000; $i ++) {
            $password = md5($password . $username); // Looping the md5 a thousand times and salting it with the username is good practice too.U
        }

        $userQuery = "SELECT * FROM users WHERE username = '" . $username . "' LIMIT 1";
        $user = mysqli_query($sqlcon, $userQuery);

        if (mysqli_num_rows($user) > 0) { // If user exists,
            $user = mysqli_fetch_assoc($user); // mysqli_fetch_arrays put values into $user[0], $user[1], etc.
            $id = $user['id'];
            $databasepass = $user['password'];

            if ($password === $databasepass) {
                $_SESSION['username'] = $username;
                $_SESSION['id'] = $id;
                header("Location: index.php");
            } else {
                echo "Password is incorrect";
            }
        } else {
            echo "Username does not exist";
        }
    } else {
        echo "Username or Password not filled in";
    }
    echo $password;
?>

<!DOCTYPE html>
<html>
    <head>
        <title>Login</title>
    </head>
    <body>
        <h1>Login</h1>
        <form action="login.php" method="post" enctype="multipart/form-data">
            <input placeholder="Username" name="username" type="text" autofocus>
            <input placeholder="Password" name="password" type="password">
            <input name="login" type="submit" value="Login">
        </form>
    </body>
</html>

    Your db.php

    <?php
$host = "localhost";
$user = "root";
$pass = "";
$database = "users";

$sqlcon = mysqli_connect($host, $user, $pass, $database);

if (mysqli_connect_errno()) {
    die ("MySQL Database Connection Error");
}
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥50 求解vmware的网络模式问题
  • ¥24 EFS加密后,在同一台电脑解密出错,证书界面找不到对应指纹的证书,未备份证书,求在原电脑解密的方法,可行即采纳
  • ¥15 springboot 3.0 实现Security 6.x版本集成
  • ¥15 PHP-8.1 镜像无法用dockerfile里的CMD命令启动 只能进入容器启动,如何解决?(操作系统-ubuntu)
  • ¥30 请帮我解决一下下面六个代码
  • ¥15 关于资源监视工具的e-care有知道的嘛
  • ¥35 MIMO天线稀疏阵列排布问题
  • ¥60 用visual studio编写程序,利用间接平差求解水准网
  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?