我在简单的登录表单上遇到麻烦并访问数据库。对于练习,我必须创建一个简单的登录表单,使用SHA1加密访问数据库,然后访问成员区域,但是每当我尝试登录时,我都会获得无效的用户名/密码消息。
我是否正确存储Hashed密码?然后如何从数据库访问它?我已经尝试了很多次。
我知道使用SHA1的哈希密码不是一个好练习,但这是我设置的练习的一部分,我看不到我的出错。
dbConnect.php
<?php
$DBhost = "localhost";
$DBuser = "root";
$DBpass = "";
$DBname = "";
$DBcon = mysqli_connect($DBhost,$DBuser,$DBpass,$DBname);
if ($DBcon->connect_errno) {
die("ERROR : -> ".$DBcon->connect_error);
}
index.php
<?php
session_start();
require_once 'dbconnect.php';
if (isset($_SESSION['userSession'])!="") {
header("Location: home.php");
exit;
}
if (isset($_POST['btn-login'])) {
$userName = strip_tags($_POST['userName']);
$password = strip_tags($_POST['password']);
$userName = $DBcon->real_escape_string($userName);
$password = $DBcon->real_escape_string($password);
$query = $DBcon->query("SELECT userID, userName, password
FROM user WHERE userName='$userName'");
$row=$query->fetch_array();
$count = $query->num_rows;
if (password_verify($password, $row['password'])
&& $count==1) {
$_SESSION['userSession'] = $row['userID'];
header("Location: home.php");
} else {
$msg = "<div class='alert alert-danger'>
Invalid Username or Password !</div>";
}
$DBcon->close();
}
?>
<!DOCTYPE html>
<html>
<body>
<div class="signin-form">
<div class="container">
<form class="form-signin" method="post" id="login-form">
<h2 class="form-signin-heading">Sign In.</h2>
<?php
if(isset($msg)){
echo $msg;
}
?>
<div class="form-group">
<input type="userName" class="form-control"
placeholder="Username" name="userName" required />
</div>
<div class="form-group">
<input type="password" class="form-control"
placeholder="Password" name="password" required />
</div>
<div class="form-group">
<button type="submit" class="btn btn-default"
name="btn-login" id="btn-login"> Sign In </button>
<a href="register.php" class="btn btn-default"
style="float:right;">Sign UP Here</a>
</div>
</form>
</div>
</div>
</body>
</html>
register.php
<?php
session_start();
if (isset($_SESSION['userSession'])!="") {
header("Location: home.php");
}
require_once 'dbconnect.php';
if(isset($_POST['btn-signup'])) {
$userName = strip_tags($_POST['userName']);
$email = strip_tags($_POST['email']);
$upass = strip_tags($_POST['password']);
$userName = $DBcon->real_escape_string($userName);
$email = $DBcon->real_escape_string($email);
$upass = $DBcon->real_escape_string($upass);
$hashed_password = sha1($upass);
$check_email = $DBcon->query("SELECT email FROM user
WHERE email='$email'");
$count=$check_email->num_rows;
if ($count==0) {
$query = "INSERT INTO user(userName,email,password)
VALUES('$userName','$email','$hashed_password')";
if ($DBcon->query($query)) {
$msg = "<div class='alert alert-success'>
successfully registered !
</div>";
}else {
$msg = "<div class='alert alert-danger'>
error while registering !
</div>";
}
} else {
$msg = "<div class='alert alert-danger'>
sorry email already taken !
</div>";
}
$DBcon->close();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login & Registration System</title>
</head>
<body>
<div class="signin-form">
<div class="container">
<form class="form-signin" method="post" id="register-form">
<h2 class="form-signin-heading">Sign Up</h2><hr />
<?php
if (isset($msg)) {
echo $msg;
}
?>
<div class="form-group">
<input type="text" class="form-control"
placeholder="Username" name="userName" required />
</div>
<div class="form-group">
<input type="email" class="form-control"
placeholder="Email address" name="email" required />
</div>
<div class="form-group">
<input type="password" class="form-control"
placeholder="Password" name="password" required />
</div>
<div class="form-group">
<button type="submit" class="btn btn-default"
name="btn-signup">Create Account</button>
<a href="index.php" class="btn btn-default"
style="float:right;">Log In Here</a>
</div>
</form>
</div>
</div>
</body>
</html>
home.php
<?php
session_start();
include_once 'dbconnect.php';
if (!isset($_SESSION['userSession'])) {
header("Location: index.php");
}
$query = $DBcon->query("SELECT * FROM user WHERE
userID=".$_SESSION['userSession']);
$userRow=$query->fetch_array();
$DBcon->close();
?>
<!DOCTYPE html>
<html>
logout.php
<?php
session_start();
if (!isset($_SESSION['userSession'])) {
header("Location: index.php");
} else if (isset($_SESSION['userSession'])!="") {
header("Location: home.php");
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['userSession']);
header("Location: index.php");
}
?>
您需要使用sha1()
加密密码,然后再选择:
$password = $DBcon->real_escape_string(sha1($password));
我要假设 password_very()
不是问题。一件事可能是是您对$count = $query->num_rows;
的使用,这是PHP文档的片段。
mysqli_num_rows()的行为取决于是缓冲还是 使用了未缓冲的结果集。对于未封闭的结果集, mysqli_num_rows()将不会返回正确的行数,直到所有 结果中的行已被检索。