dongmang3961 2018-04-24 10:01
浏览 46
已采纳

PHP登录脚本问题

i was wondering if anyone could help as i am trying to adapt a PHP login script to accept only the password without the need for the username and I don't know what i am doing wrong.

I am a complete novice i am afraid.

What i want the end result to be is for any user to type in one password, the script then checks the password is correct from my data base and then logs them in. 
//First we start a session
session_start();

//We then check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    //And we get the data from the login form
    $pwd = $_POST['pwd'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check if inputs are empty
    if (empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }
    else {
        //Check if username exists in the database USING PREPARED STATEMENTS
        $sql = "SELECT * FROM users WHERE user_uid=?";
        //Create a prepared statement
        $stmt = mysqli_stmt_init($conn);
        //Check if prepared statement fails
        if(!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../index.php?login=error");
            exit();
        }
        //If the prepared statement didn't fail, then continue
        else {
            //Bind parameters/data to the placeholder (?) in our $sql
            mysqli_stmt_bind_param($stmt, "s", $uid);

            //Run query in database
            mysqli_stmt_execute($stmt);

            //Get results from query
      $result = mysqli_stmt_get_result($stmt);

            //If we had a result, which means the username does exist, then assign the database row data to $row.
            if ($row = mysqli_fetch_assoc($result)) {
                //De-hashing the password using the password provided by the user, and the password from the database, to see if they match.
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                //If they didn't match!
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                }
                //If they did match!
                elseif ($hashedPwdCheck == true) {
                    //Set SESSION variables and log user in
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
      } else {
        header("Location: ../index.php?login=error");
            exit();
      }
        }
    }

    //Close the prepared statement
    mysqli_stmt_close($stmt);

} else {
    header("Location: ../index.php?login=error");
    exit();
}
  • 写回答

2条回答 默认 最新

  • dsfds2343 2018-04-24 10:05
    关注

    You are binding $uid which is undefined:

       //Bind parameters/data to the placeholder (?) in our $sql
    mysqli_stmt_bind_param($stmt, "s", $uid);
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 根据以下文字信息,做EA模型图
  • ¥15 删除虚拟显示器驱动 删除所有 Xorg 配置文件 删除显示器缓存文件 重启系统 可是依旧无法退出虚拟显示器
  • ¥15 vscode程序一直报同样的错,如何解决?
  • ¥15 关于使用unity中遇到的问题
  • ¥15 开放世界如何写线性关卡的用例(类似原神)
  • ¥15 关于并联谐振电磁感应加热
  • ¥60 请查询全国几个煤炭大省近十年的煤炭铁路及公路的货物周转量
  • ¥15 请帮我看看我这道c语言题到底漏了哪种情况吧!
  • ¥60 关机时蓝屏并显示KMODE_EXCEPTION_NOT_HANDLED,怎么修?
  • ¥66 如何制作支付宝扫码跳转到发红包界面