dongmang3961 2018-04-24 10:01
浏览 46
已采纳

PHP登录脚本问题

i was wondering if anyone could help as i am trying to adapt a PHP login script to accept only the password without the need for the username and I don't know what i am doing wrong.

I am a complete novice i am afraid.

What i want the end result to be is for any user to type in one password, the script then checks the password is correct from my data base and then logs them in.
//First we start a session
session_start();

//We then check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    //And we get the data from the login form
    $pwd = $_POST['pwd'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check if inputs are empty
    if (empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }
    else {
        //Check if username exists in the database USING PREPARED STATEMENTS
        $sql = "SELECT * FROM users WHERE user_uid=?";
        //Create a prepared statement
        $stmt = mysqli_stmt_init($conn);
        //Check if prepared statement fails
        if(!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../index.php?login=error");
            exit();
        }
        //If the prepared statement didn't fail, then continue
        else {
            //Bind parameters/data to the placeholder (?) in our $sql
            mysqli_stmt_bind_param($stmt, "s", $uid);

            //Run query in database
            mysqli_stmt_execute($stmt);

            //Get results from query
      $result = mysqli_stmt_get_result($stmt);

            //If we had a result, which means the username does exist, then assign the database row data to $row.
            if ($row = mysqli_fetch_assoc($result)) {
                //De-hashing the password using the password provided by the user, and the password from the database, to see if they match.
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                //If they didn't match!
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                }
                //If they did match!
                elseif ($hashedPwdCheck == true) {
                    //Set SESSION variables and log user in
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
      } else {
        header("Location: ../index.php?login=error");
            exit();
      }
        }
    }

    //Close the prepared statement
    mysqli_stmt_close($stmt);

} else {
    header("Location: ../index.php?login=error");
    exit();
}
  • 写回答

2条回答 默认 最新

  • dsfds2343 2018-04-24 10:05
    关注

    You are binding $uid which is undefined:

       //Bind parameters/data to the placeholder (?) in our $sql
        mysqli_stmt_bind_param($stmt, "s", $uid);
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 stm32f407使用DMA问题
  • ¥15 您好 这个API接口该怎么弄 网站搭建好了 API也有 现在就不知道该怎么填写API 不知道怎么用
  • ¥88 用uniapp写一个多端的程序,用到高德地图,用高德的JSAPI吗?
  • ¥20 关于#c++#的问题:水果店管理系统
  • ¥30 dbLinq最新版linq sqlite
  • ¥20 对D盘进行分盘之前没有将visual studio2022卸载掉,现在该如何下载回来
  • ¥15 完成虚拟机环境配置,还有安装kettle
  • ¥15 2024年全国大学生数据分析大赛A题:直播带货与电商产品的大数据分析 问题5. 请设计一份优惠券的投放策略,需要考虑优惠券的数量、优惠券的金额、投放时间段和投放商品种类等因素。求具体的python代码
  • ¥15 有人会搭建生鲜配送自营+平台的管理系统吗
  • ¥15 用matlab写代码