dongmang3961 2018-04-24 10:01
浏览 46
已采纳

PHP登录脚本问题

i was wondering if anyone could help as i am trying to adapt a PHP login script to accept only the password without the need for the username and I don't know what i am doing wrong.

I am a complete novice i am afraid.

What i want the end result to be is for any user to type in one password, the script then checks the password is correct from my data base and then logs them in. 
//First we start a session
session_start();

//We then check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    //And we get the data from the login form
    $pwd = $_POST['pwd'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check if inputs are empty
    if (empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }
    else {
        //Check if username exists in the database USING PREPARED STATEMENTS
        $sql = "SELECT * FROM users WHERE user_uid=?";
        //Create a prepared statement
        $stmt = mysqli_stmt_init($conn);
        //Check if prepared statement fails
        if(!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../index.php?login=error");
            exit();
        }
        //If the prepared statement didn't fail, then continue
        else {
            //Bind parameters/data to the placeholder (?) in our $sql
            mysqli_stmt_bind_param($stmt, "s", $uid);

            //Run query in database
            mysqli_stmt_execute($stmt);

            //Get results from query
      $result = mysqli_stmt_get_result($stmt);

            //If we had a result, which means the username does exist, then assign the database row data to $row.
            if ($row = mysqli_fetch_assoc($result)) {
                //De-hashing the password using the password provided by the user, and the password from the database, to see if they match.
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                //If they didn't match!
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                }
                //If they did match!
                elseif ($hashedPwdCheck == true) {
                    //Set SESSION variables and log user in
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
      } else {
        header("Location: ../index.php?login=error");
            exit();
      }
        }
    }

    //Close the prepared statement
    mysqli_stmt_close($stmt);

} else {
    header("Location: ../index.php?login=error");
    exit();
}
  • 写回答

2条回答 默认 最新

  • dsfds2343 2018-04-24 10:05
    关注

    You are binding $uid which is undefined:

       //Bind parameters/data to the placeholder (?) in our $sql
    mysqli_stmt_bind_param($stmt, "s", $uid);
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 网络科学导论,网络控制
  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同
  • ¥50 如何openEuler 22.03上安装配置drbd
  • ¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
  • ¥15 无线连接树莓派,无法执行update,如何解决?(相关搜索:软件下载)