最近,我一直在努力使用OOP PHP和Prepared Statement创建登录系统。当我输入正确的用户名和密码后点击登录按钮,它仍然验证我输入了错误的用户名和密码。这是我的代码。任何帮助,将不胜感激。谢谢!
的login.php
<?php
require_once 'templates/header.php';
?>
<link rel="stylesheet" type="text/css" href="styles/login-style.css">
<script type="text/javascript" src="https://code.jquery.com/jquery-
3.3.1.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$('#login').click(function(event){
event.preventDefault();
var username = $('#usernameID').val();
var password = $('#passwordID').val();
$.post("validation/validation_login.php",{
user_val : username,
password_val : password,
},function(data){
$('.error-message').html(data);
});
});
});
</script>
<title>Login</title>
<form>
<h1>Login</h1>
<input type="text" id="usernameID" name="username"
placeholder="Username" autocomplete="off"> <br>
<input type="password" id="passwordID" name="password"
placeholder="Password" autocomplete="off"> <br>
<input type="button" id="login" name="register-button" value="Login">
</form>
<div class="error-message">
</div>
<?php
require_once 'templates/footer.php';
?>
validation_login.php
<?php
require_once '../classes/input.php';
require_once '../classes/session.php';
require_once '../classes/database.php';
class validation_login{
private $username,$password;
public $errorMessage;
public function validate_login(){
$db = new database();
$this->username = input::get('user_val');
$this->password = input::get('password_val');
if(empty($this->username) || empty($this->password)){
$this->errorMessage = "Please fill all the fields!";
return false;
}else if(!$db->login()){
$this->errorMessage = "Invalid username or password!";
return false;
}else{
session::set('username',$this->username);
header('Location: index.php');
return true;
}
}
}
$validate_login = new validation_login();
$validate_login->validate_login();
echo "$validate_login->errorMessage";
?>
为database.php
<?php
class database{
//db_initialization
private $HOST = 'localhost',
$USERNAME = 'root',
$PASSWORD = '',
$DBNAME = 'auth',
$connect;
//db_insert
private $usernameInput,
$firstnameInput,
$lastnameInput,
$passwordInput,
$hashedPassword;
public function __construct(){
$this->connect = new mysqli($this->HOST,$this->USERNAME,
$this->PASSWORD,$this->DBNAME) or die('connection error');
}
public function insert_data(){
$sql = "INSERT INTO users
(username,first_name,last_name,password) VALUES (?,?,?,?)";
if($statement = $this->connect->prepare($sql)){
$this->usernameInput = input::get('user_val');
$this->firstnameInput = input::get('first_name_val');
$this->lastnameInput = input::get('last_name_val');
$this->passwordInput = input::get('password_val');
$this->hashedPassword = password_hash( $this->passwordInput,
PASSWORD_DEFAULT);
$statement->bind_param("ssss",$this->usernameInput,
$this- >firstnameInput,$this->lastnameInput,
$this->hashedPassword);
$statement->execute();
}
}
public function validate_same_username(){
$sql_same_username = "SELECT username FROM users WHERE
username = ?";
if($statement_same_username =
$this->connect->prepare($sql_same_username)){
$this->usernameInput = input::get('user_val');
$statement_same_username->bind_param("s",
$this->usernameInput);
$statement_same_username->execute();
$result = $statement_same_username->get_result();
$num_rows = $result->num_rows;
if($num_rows > 0){
return false;
}else{
return true;
}
}
}
public function login(){
$sql_login = "SELECT username , password FROM users WHERE
username = ?";
if($statement_login = $this->connect->prepare($sql_login)){
$this->usernameInput = input::get('user_val');
$this->passwordInput = input::get('password_val');
$statement_login->bind_param("s",
$this->usernameInput);
$statement_login->execute();
//get hashed password from database
$statement_login->bind_result($username,$password);
if(password_verify($this->passwordInput,$password)){
return true;
}else{
return false;
}
}
}
}
?>
session.php文件
<?php
class session{
public static function set($name,$value){
return $name = $_SESSION[$value];
}
public static function get($name){
return $_SESSION[$name];
}
public static function exists($name){
if(isset($_SESSION[$name])){
return true;
}else{
return false;
}
}
}
?>
input.php
<?php
class input{
public static function get($name){
if(isset($_POST[$name])){
return $_POST[$name];
}else if(isset($_GET[$name])){
return $_GET[$name];
}else{
return false;
}
}
}
?>
看起来你正在将user_val发送到验证login.php中的密码字段
$this->password = input::get('user_val');
从你的代码应该是
$this->password = input::get('password_val');我将开始改变这条线
编辑我的初步答案:
你也不能使用password_hash()(参见返回值部分password_hash)检查密码是否相等,你需要使用password_verify检查登录功能中的密码是否相等
更改您的查询以从数据库中获取哈希密码,然后将其与用户使用password_verify的输入密码进行比较
$sql_login = "SELECT username , password FROM users WHERE
username = ? ";
if(password_verify($this->passwordInput,$hashedPasswordFromDB)){
return true;
}else{
return false;
}
还检查数据库中的password列是否足够存储整个密码长度,并确保用户名是唯一的