小贝子编程

PHP 登录脚本始终返回未找到虚假用户



我已经为android登录编写了一个简单的php脚本,但我不知道为什么它总是返回找不到用户。我调试了我的安卓apk,那里很好,但是当我检查php脚本时,它总是返回错误的用户,下面找不到我的脚本

// i tried echoing everything possible but no outcome
<?php
include("conn.php");
if(isset($_POST['btn_login'])){
$username = $_POST['username'];
$password = $_POST['password'];
}
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$result = mysqli_query($conn,$sql);
$response = array();
if(mysqli_num_rows($result)>0){
$row = mysqli_fetch_row($result);
$username = $row['username'];
$password = $row['password'];

$code = "login_success";
array_push($response,array("code"=>$code,"username"=>$username,"password"=>$password));
echo json_encode($response);
}
else{
$code = "login_failed";
$message = "User not found... Please try again";
array_push($response, array("code"=>$code,"message"=>$message));
echo json_encode($response);
}
mysqli_close($conn);
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form method="post">
<input type="text" name="username">
<input type="text" name="password">
<input type="submit" name="btn_login">
</form>
</body>
</html>

你说你用sha1作为密码,试着在放入SELECT之前对sha1进行编码$password

1.不要使用sha1来加密密码。始终使用 password_hash() 和 password_verify() 进行密码加密和匹配。

2.使用预准备语句防止代码SQL INJECTION

3.At 查询时间,您需要使用sha1($password)而不是$password

更改如下:-

$password = sha1($_POST['password']);

下面给出了准备好的语句代码以寻求帮助:-

<?php
include("conn.php");
if(isset($_POST['btn_login'])){
$username = $_POST['username'];
$password = sha1($_POST['password']);
if ($stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE username=? AND password=? LIMIT 1")) {
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "ss", $username,$password);
/* execute query */
mysqli_stmt_execute($stmt);
/* bind result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) ==1){
while($row = $stmt->fetch_assoc()){
$username = $row['username'];
$password = $row['password'];
}
$code = "login_success";
array_push($response,array("code"=>$code,"username"=>$username,"password"=>$password));
echo json_encode($response);
/* close statement */
mysqli_stmt_close($stmt);
}else{
$code = "login_failed";
$message = "User not found... Please try again";
array_push($response, array("code"=>$code,"message"=>$message));
echo json_encode($response);
}   
}
}else{
echo "Please fill form properly!";exit();
}
?>

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium