dongmang3961 2018-04-24 10:01
浏览 46
已采纳

PHP登录脚本问题

i was wondering if anyone could help as i am trying to adapt a PHP login script to accept only the password without the need for the username and I don't know what i am doing wrong.

I am a complete novice i am afraid.

What i want the end result to be is for any user to type in one password, the script then checks the password is correct from my data base and then logs them in.
//First we start a session
session_start();

//We then check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    //And we get the data from the login form
    $pwd = $_POST['pwd'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check if inputs are empty
    if (empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }
    else {
        //Check if username exists in the database USING PREPARED STATEMENTS
        $sql = "SELECT * FROM users WHERE user_uid=?";
        //Create a prepared statement
        $stmt = mysqli_stmt_init($conn);
        //Check if prepared statement fails
        if(!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../index.php?login=error");
            exit();
        }
        //If the prepared statement didn't fail, then continue
        else {
            //Bind parameters/data to the placeholder (?) in our $sql
            mysqli_stmt_bind_param($stmt, "s", $uid);

            //Run query in database
            mysqli_stmt_execute($stmt);

            //Get results from query
      $result = mysqli_stmt_get_result($stmt);

            //If we had a result, which means the username does exist, then assign the database row data to $row.
            if ($row = mysqli_fetch_assoc($result)) {
                //De-hashing the password using the password provided by the user, and the password from the database, to see if they match.
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                //If they didn't match!
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                }
                //If they did match!
                elseif ($hashedPwdCheck == true) {
                    //Set SESSION variables and log user in
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
      } else {
        header("Location: ../index.php?login=error");
            exit();
      }
        }
    }

    //Close the prepared statement
    mysqli_stmt_close($stmt);

} else {
    header("Location: ../index.php?login=error");
    exit();
}
  • 写回答

2条回答 默认 最新

  • dsfds2343 2018-04-24 10:05
    关注

    You are binding $uid which is undefined:

       //Bind parameters/data to the placeholder (?) in our $sql
        mysqli_stmt_bind_param($stmt, "s", $uid);
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥50 关于#html5#的问题:H5页面用户手机返回的时候跳转到指定页面例如(语言-javascript)
  • ¥15 无法使用此凭据登录,因为你的域不可用,如何解决?(标签-Windows)
  • ¥15 yolov9的训练时间
  • ¥15 二叉树遍历没有报错但无法正常运行
  • ¥15 在linux系统下vscode运行robocup3d上场球员报错
  • ¥15 Python语言实验
  • ¥15 SAP HANA SQL 增加合计行
  • ¥20 用C#语言解决一个英文打字练习器,有偿
  • ¥15 srs-sip外部服务 webrtc支持H265格式
  • ¥15 在使用abaqus软件中,继承到assembly里的surfaces怎么使用python批量调动