当管理员登录时,我试图将用户名保存到一个名为$_SESSION['Username']的会话中。在我的本地主机上,它运行良好,但在服务器上则不然。我还测试了SESSIONS是否可以在一般情况下保存,它是否有效,甚至可以在多个站点上保存。此外,$_SESSION['example']运行良好,我可以在服务器的其他站点上访问它。
$_SESSION['test1']和$_SESSION['test2']也不会被保存,所以我想它甚至没有到达if语句。我测试的密码也是正确的。
<?php
session_start();
/*if (isset($_SESSION["Username"])) {
header('location: dndStill.php');
exit;
}
*/?>
<!DOCTYPE html>
<html>
<head>
<title>Anmelden</title>
<link rel="stylesheet" type="text/css" href="css/galleryLogin.css">
</head>
<body>
<div class="loginAll">
<form action="loginGallery.php" method="post" class="loginForm">
<div class="loginFeld">
<input type="text" name="username" placeholder="Nutzername" required>
</div>
<div class="loginFeld">
<input type="password" name="password" placeholder="Passwort" required>
</div>
<div class="input-group">
<button type="submit" class="login" name="submit">Login</button>
</div>
</form>
</div>
<?php
if (isset($_POST["submit"])) {
require_once "dbconnect_simple.php";
$username = ($_POST['username']);
$password = ($_POST['password']);
$password = md5($password);
$query = "SELECT * FROM nutzer WHERE nutzername= ? AND passwort= ? LIMIT 1";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$result = $stmt->get_result();
if (mysqli_num_rows($result) == 1) {
while($row = $result->fetch_array()) {
if ($password === $row["passwort"]) {
$_SESSION["Username"] = $row["nutzername"];
//header("Location: dndFood.php");
} else {
echo'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 1'] = "Fehler1";
}
}
} else {
echo 'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 2'] = "Fehler2";
}
}
?>
<?php '<pre>' ;
$_SESSION['example'] = "example";
print_r($_SESSION);
'</pre>';
?>
</body>
</html>
您的密码验证码不正确,请参阅下面的更正:
-
不要在SQL查询中检查密码,只检查数据库中的用户名、电子邮件或全名:更正的SQL:
$query = "SELECT * FROM nutzer WHERE nutzername= ? LIMIT 1";
来源:
$result = $stmt->get_result();
if (mysqli_num_rows($result) == 1) {
while($row = $result->fetch_array()) {
if ($password === $row["passwort"]) {
$_SESSION["Username"] = $row["nutzername"];
//header("Location: dndFood.php");
} else {
echo'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 1'] = "Fehler1";
}
}
}
更正为:
$query = "SELECT * FROM nutzer WHERE nutzername= ? LIMIT 1";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$fetch_assoc = mysqli_fetch_assoc($result);
if (mysqli_num_rows($result) > 0) {
$verify_password = password_verify($password_from_post_request, $fetch_assoc["password_field_in_the_database"]);
if ($verify_password) {
$_SESSION["Username"] = $fetch_assoc["nutzername"];
//header("Location: dndFood.php");
} else {
echo'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 1'] = "Fehler1";
}
} else {
echo'Sorry, your account could not be found';
$_SESSION['Fehler 1'] = "Fehler1";
}
用过程PHP编写的代码:
$query = "SELECT * FROM nutzer WHERE nutzername=? LIMIT 1";
$stmt = mysqli_stmt_init($connection);
mysqli_prepare($stmt, $query);
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result_set = mysqli_stmt_get_result($stmt);
$fetch_assoc = mysqli_fetch_assoc($result_set);
if (mysqli_num_rows($result_set) > 0) {
$verify_password = password_verify($password_from_post_request, $fetch_assoc["password_field_in_the_database"]);
if ($verify_password) {
$_SESSION["Username"] = $fetch_assoc["nutzername"];
//header("Location: dndFood.php");
} else {
echo 'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 1'] = "Fehler1";
}
} else {
echo 'Sorry, your account could not be found';
$_SESSION['Fehler 1'] = "Fehler1";
}
密码验证是将密码与数据库中的密码进行验证的PHP函数,它会对传入的用户密码进行散列,并将其与数据库中已经散列的密码进行比较,但在将其保存到数据库之前,请确保使用password_hash对密码进行散列