<?php
include "connection.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Add students</title>
<link rel="stylesheet" type="text/css" href="boosttrap.min.css">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<form action="adduser.php" method="POST">
<div>
<h2>
Username will be generated automatically
</h2>
<br/>
<label>Password</label>
<input type="password" name="s_password" class="form-control" placeholder="Enter new password">
<br/>
<label>Name</label>
<input type="text" name="s_name" class="form-control" placeholder="Enter name">
<br/>
<label>Surname</label>
<input type="text" name="s_surname" class="form-control" placeholder="Enter surname">
<br/>
<label>Date of birth</label>
<input type="date" name="s_dob" class="form-control" placeholder="Enter Date of birth">
<br/>
<label>Year group</label>
<select name ="s_yeargroup">
<option selected = "true" disabled="disabled"> Select one from below...</option>
<option value=1 >7</option>
<option value=2> 8</option>
<option value=3> 9</option>
<option value=4> 10</option>
<option value=5> 11</option>
</select>
<br/>
<button type="submit" name="btnAddUser" class="float" value ="Login">Create New User</button>
</div>
</form>
<a href="../logout.php">Logout</a>
</body>
<?php
if (isset($_POST["btnAddUser"])) {
    $hashed_password = password_hash($_POST['s_password'], PASSWORD_DEFAULT);
    $name = $_POST["s_name"];
    $surname = $_POST["s_surname"];
    $dob = $_POST["s_dob"];
    $yeargroup = $_POST["s_yeargroup"];

    // Username = first letter of the name + first four letters of the surname
    $usernamenew = substr($name, 0, 1);
    $usernamenew1 = substr($surname, 0, 4);
    $usernamenew3 = $usernamenew.$usernamenew1;

    // Bound parameters keep the form values out of the SQL text
    $stmt = $conn->prepare("INSERT INTO tbluser (Username, Password, Role) VALUES (?, ?, 'Student')");
    $stmt->bind_param("ss", $usernamenew3, $hashed_password);
    if (!$stmt->execute()) {
        echo "Error with Username or password";
    } else {
        // Escape the value before echoing it back into the page
        echo "Username and password created successfully. The username is ".htmlspecialchars($usernamenew3).".";
    }

    // Look up the ID of the account that was just created
    $stmt = $conn->prepare("SELECT ID FROM tbluser WHERE Username = ?");
    $stmt->bind_param("s", $usernamenew3);
    $stmt->execute();
    $result1 = $stmt->get_result();
    $row = mysqli_fetch_assoc($result1);
    $userid = $row['ID'];

    $stmt = $conn->prepare("INSERT INTO student (name, surname, dob, yeargroup_id, tbluser_ID) VALUES (?, ?, ?, ?, ?)");
    $stmt->bind_param("sssii", $name, $surname, $dob, $yeargroup, $userid);
    if (!$stmt->execute()) {
        echo "Error with Student info";
    } else {
        echo " \r\nStudent has been added successfully.";
    }
}
?>
This is the code I use to log users in:
<?php
session_start();
require_once "connection.php";
$message = "";
$role = "";
if (isset($_POST["btnLogin"])) {
    $password = $_POST["password"];
    $stmt = $conn->prepare("SELECT Username, Password FROM tbluser WHERE Username = ? ");
    $stmt->bind_param("s", $_POST["username"]);
    $stmt->execute();
    $result = $stmt->get_result();
    if (mysqli_num_rows($result) > 0) {
        while ($row = mysqli_fetch_assoc($result)) {
            if (password_verify($password, $row["Password"])) {
                if ($row["Role"] == "Admin") {
                    $_SESSION['AdminUser'] = $row["Username"];
                    $_SESSION['adminid'] = $row["ID"];
                    $_SESSION['role'] = $row["Role"];
                    header('Location: admin/admin.php');
                } elseif ($row["Role"] == "Teacher") {
                    $_SESSION['ProfUser'] = $row["Username"];
                    $_SESSION['teacherid'] = $row["ID"];
                    $_SESSION['role'] = $row["Role"];
                    header('Location: teacher/prof.php');
                } elseif ($row["Role"] == "Student") {
                    $_SESSION['StudentUser'] = $row["Username"];
                    $_SESSION['studentid'] = $row["ID"];
                    $_SESSION['role'] = $row["Role"];
                    header('Location: student/student.php');
                } else
                    echo "Role is not recognised";
            }
        }
    }
}
I would be very grateful if someone could find my mistake. Thank you. My database, in case it is needed.
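password_hash() and password_verify(). You are only selecting the Username and Password columns from the table. So $row["Role"] will not be set, and none of the if conditions will succeed. As a result you should get the error Role is not recognized.
Change it to: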
$stmt=$conn->prepare("SELECT Username, Password, Role, ID FROM tbluser WHERE Username = ? ");
Also add else statements so that you know which if condition failed when the login fails.
<?php
session_start();
require_once "connection.php";

if (isset($_POST["btnLogin"])) {
    $password = $_POST["password"];
    // Role and ID are selected as well, as in the corrected statement above
    $stmt = $conn->prepare("SELECT Username, Password, Role, ID FROM tbluser WHERE Username = ? ");
    $stmt->bind_param("s", $_POST["username"]);
    $stmt->execute();
    $result = $stmt->get_result();
    if (mysqli_num_rows($result) > 0) {
        $row = mysqli_fetch_assoc($result);
        if (password_verify($password, $row["Password"])) {
            if ($row["Role"] == "Admin") {
                $_SESSION['AdminUser'] = $row["Username"];
                $_SESSION['adminid'] = $row["ID"];
                $_SESSION['role'] = $row["Role"];
                header('Location: admin/admin.php');
            } elseif ($row["Role"] == "Teacher") {
                $_SESSION['ProfUser'] = $row["Username"];
                $_SESSION['teacherid'] = $row["ID"];
                $_SESSION['role'] = $row["Role"];
                header('Location: teacher/prof.php');
            } elseif ($row["Role"] == "Student") {
                $_SESSION['StudentUser'] = $row["Username"];
                $_SESSION['studentid'] = $row["ID"];
                $_SESSION['role'] = $row["Role"];
                header('Location: student/student.php');
            } else {
                echo "Role is not recognised";
            }
        } else {
            echo "Password incorrect";
        }
    } else {
        echo "Username not found";
    }
} else {
    echo "Form not submitted correctly";
}
Since usernames are unique, you do not need a while loop when fetching the row; there is only one row.
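According to the password_hash documentation, the string produced by password_hash with PASSWORD_BCRYPT is 60 characters long, while other algorithms may produce longer strings. Your Password field in the database is only 45 characters. As the documentation recommends, you should increase the field size to 255.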
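The column-width point above, as an added example that is not part of the original answer: the script simulates what a 45-character and a 255-character column would keep of a bcrypt hash and shows which stored value password_verify() still accepts. The helper names store_in_column and is_intact_hash and the sample password are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): why a 45-character Password
// column breaks login, and how to spot hashes that were already truncated.

// Constructed sample value; any password behaves the same way.
$password = 'correct horse battery staple';

// Simulate what a column of the given width keeps of a hash.
// MySQL without strict SQL mode truncates silently; strict mode rejects
// the INSERT instead, which is the safer failure.
function store_in_column(string $hash, int $width): string
{
    return substr($hash, 0, $width);
}

// A stored value that password_get_info() cannot identify is not a
// complete password_hash() result (for example, a truncated bcrypt hash).
function is_intact_hash(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'unknown';
}

$hash = password_hash($password, PASSWORD_BCRYPT);

foreach ([45, 255] as $width) {
    $stored = store_in_column($hash, $width);
    printf(
        "column width %3d: stored %2d chars, intact=%s, password_verify=%s\n",
        $width,
        strlen($stored),
        var_export(is_intact_hash($stored), true),
        var_export(password_verify($password, $stored), true)
    );
}
```

Rows created while the column was too narrow keep their truncated hashes after the column is widened, so those accounts need their passwords set again.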