PHP login method not working as expected

Question

So my login page uses the code below, but the validation code isn't working well: it either lets me in with any password, or doesn't let me in at all.

init.php:

<?php
date_default_timezone_set('Asia/Riyadh');
$error = ['Username' => '', 'Email' => '', 'Password' => ''];
$input = ['Username' => '', 'Email' => '', 'Password' => ''];
session_start();
$config = require 'config.php';
$db = new mysqli(...$config['db']);
$db->set_charset($config['db_charset']);
?>

registeration.php:

<?php
require 'init.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // input validation

    $Username = $input['Username'] = trim(filter_input(INPUT_POST, 'Username'));
    if (mb_strlen($Username) < 3 || mb_strlen($Username) > 30) {
        $error['Username'] = 'Please enter your name, it must be from 3 to 30 characters long.';
        echo "<p class='Center'> <font color=White  size='50pt'>Username should be at least 3 characters long!</font> </p>";
    }

    $Email = $input['Email'] = trim(filter_input(INPUT_POST, 'Email'));
    if (!filter_var($Email, FILTER_VALIDATE_EMAIL)) {
        $error['Email'] = 'Please enter a valid email address.';
        echo "<p class='Center'> <font color=White  size='50pt'>Please enter a valid email address!</font> </p>";

    } else {
        $result = $db->execute_query("SELECT 1 FROM users WHERE email = ?", [$Email]);
        if ($result->fetch_row()) {
            $error['Email'] = 'Email address already taken.';
            echo "<p class='Center'> <font color=White  size='50pt'>Email address already taken.Please Login!</font> </p>";

        }
    }

    $Password = filter_input(INPUT_POST, 'Password');
    if (strlen($Password) < 3 || strlen($Password) > 72) {
        $error['Password'] = 'Please enter password, it must be from 3 to 72 characters long.';
        echo "<p class='Center'> <font color=White  size='50pt'>Password should be at least 3 characters long!</font> </p>";
    }
    // if no errors
    if (implode("", $error) === '')
    {
        // Password MUST be hashed using the dedicated function
        $Password = password_hash($input['Password'], PASSWORD_DEFAULT);
        $VIP= "NO";
        $Admin = "NO";
        $Creation_date = date('d-M-Y h:i:s A');
        $Last_Login = date('d-M-Y h:i:s A');
        $Login_Times=1;
        // a parameterized query MUST be used to avoid errors and injections
        $stmt = $db->prepare("INSERT INTO Users (Username, Email, Password, VIP, Admin, Creation_Date, Last_login, Login_Times) VALUES (?,?,?,?,?,?,?,?)");
        $stmt->execute([
            $Username, 
            $Email,
            $Password,
            $VIP,
            $Admin,
            $Creation_date,
            $Last_Login,
            $Login_Times,
        ]);
        echo "<p class='Center'> <font color=White  size='50pt'>Registration successful</font> </p>";
        $_SESSION['Email'] = $Email;
        header("Location: home.php");
        die;
    }
}
?>

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="refresh" content="4;URL=login.php">
    <link rel="stylesheet" href="Styles/General.css">
    <link rel="stylesheet" href="Styles/Background.css">
    <link rel="icon" href ="favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />

    <title>Register & Login</title>
</head>

<body class="Blue-Black">
    <h1 class="Center">Please wait, you will be automatically redirected to the login & registeration page.</h1>
</body>

</html>

validation.php (this is the problem):

<?php
require 'init.php';

$Email = $input['Email'] = trim(filter_input(INPUT_POST, 'Email'));
// I use one of the 3 lines below
$Password = $input['Password']; // if I use this it lets me in with any password
$Password = $_POST['Password']; // if I use this it doesn't let me in at all
$Password = filter_input(INPUT_POST, 'Password'); // whether I add this to the first one or not, it still doesn't let me in

$result = $db->execute_query("SELECT Email FROM Users WHERE Email = ?", [$Email]);
if ($result->fetch_row()) {
    $select = "SELECT Password FROM Users WHERE Email = ?;";
    $result2 = $db ->execute_query($select, [$Email]) ; 
    $Get_hash = $result2 ->fetch_assoc();
    $hash = $Get_hash['Password'];
    if (password_verify($Password, $hash)) {
        $_SESSION['Email'] = $Email;
        $Date = date('d-M-Y h:i A');
        $Update = "UPDATE Users SET Last_Login = ?, Login_Times = Login_Times + 1 WHERE Users.Email = ?";
        $stmt = $db->execute_query($Update, [$Date, $Email]);
        header('location:home.php');
        exit; // nothing after a redirect should run, including the HTML below
    }else{
        echo "<p class='Center'> <font color=White  size='50pt'>Invalid Password. Try again!</font> </p>";
    }
}else{
    echo "<p class='Center'> <font color=White  size='50pt'>There is no account associated with this email address please sign up!</font> </p>";
}
?>

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="refresh" content="4;URL=login.php">
    <link rel="stylesheet" href="Styles/General.css">
    <link rel="stylesheet" href="Styles/Background.css">
    <link rel="icon" href ="favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />

    <title>Register & Login</title>
</head>

<body class="Blue-Black">
    <h1 class="Center">Please wait, you will be automatically redirected to the login & registeration page.</h1>
</body>

</html>

login.php:

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="Styles/Bootstrap.css">
    <link rel="stylesheet" href="Styles/Font-Awesome.css">
    <link rel="stylesheet" href="Styles/General.css">
    <link rel="stylesheet" href="Styles/Login.css">
    <link rel="icon" href ="favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />

    <title>Register & Login</title>
</head>
<body>

      
    <a class="btn btn-danger" href="index.html">Cancel</a>

    <div>
        <h1 class="px20">Please Login after you Register if you don't have an account.</h1>
        <div>
        <div class="form-box">
            <div class="button-box">
                <div id="btn"></div>
                    <button type="button" class="toggle-btn" onclick="Login()">
                        Login
                    </button>
                    <button type="button" class="toggle-btn" onclick="Register()">
                        Register
                    </button>
            </div>

            <form action="validation.php" method="POST" id="Login" class="input-group">
                    <input type="Email" name="Email" class="input-field" placeholder="Email" required>
                    <input type="Password" name="Password" id="Password" class="input-field" placeholder="Password" required>

                    <i class="far fa-eye" id="togglePassword"></i>

                    <button type="submit" class="submit-btn">Login</button>
                </form>

                <form action="registeration.php" method="POST" id="Register" class="input-group">
                    <input type="Email" name="Email" class="input-field" placeholder="Email" required>
                    <input type="text" name="Username" class="input-field" placeholder="Username" required>
                    <input type="Password" name="Password" class="input-field" id="Password2" placeholder="Password" required>

                    <i class="far fa-eye" id="togglePassword2"></i>

                    <button type="submit" class="submit-btn">Register</button>
                </form>


        </div>
    </div>
    </div>

    <script src="Scripts/Login.js"></script>
</body>
</html>

Something is going wrong, but I don't quite understand what (note: I'm new to PHP and MySQL, so a detailed explanation would be much appreciated. Please don't judge me, I'm still learning, so this error may not be difficult for professionals).

php mysql database mysqli pdo
1 Answer

You are not hashing the user's password but the empty default password from $input (what is this variable for?). Change

        $Password = password_hash($input['Password'], PASSWORD_DEFAULT);

to

        $Password = password_hash($Password, PASSWORD_DEFAULT);
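The script below is an added example, not code from the question or the answer. It reproduces all three behaviours the question reports (any password accepted, correct password rejected) with plain arrays standing in for the Users table, then shows the corrected registration and login pair. The form submissions and the function names (registerBuggy, loginFixed and so on) are constructed for this demo.

```php
<?php
declare(strict_types=1);

// Added example, not code from the question or the answer. Plain arrays stand in
// for the MySQL Users table; the "form submissions" below are constructed.

// Copied from the question's init.php: every field starts out as ''.
$input = ['Username' => '', 'Email' => '', 'Password' => ''];

// Constructed stand-ins for $_POST on the register and login requests.
$registerPost = ['Email' => 'alice@example.com', 'Password' => 'correct horse'];
$loginPost    = ['Email' => 'alice@example.com', 'Password' => 'correct horse'];
$wrongPost    = ['Email' => 'alice@example.com', 'Password' => 'not her password'];

// Buggy registeration.php: the submitted password is length-checked, but
// password_hash() is handed $input['Password'], which nothing ever assigned.
function registerBuggy(array $post, array $input): string
{
    $submitted = $post['Password'];                              // the value that should be hashed...
    return password_hash($input['Password'], PASSWORD_DEFAULT);  // ...but '' is hashed instead
}

// validation.php with "$Password = $input['Password']": '' is checked against
// the stored hash of '', so the password typed into the form never matters.
function loginUsingInputArray(array $input, string $storedHash): bool
{
    return password_verify($input['Password'], $storedHash);
}

// validation.php with "$Password = $_POST['Password']": the real password is
// checked against the hash of '', so even the correct password is rejected.
function loginUsingPost(array $post, string $storedHash): bool
{
    return password_verify($post['Password'], $storedHash);
}

// Fixed registeration.php: hash what the user actually typed. bcrypt (the
// current PASSWORD_DEFAULT) only uses the first 72 bytes of the password,
// which is why the question's 72-character limit is sensible.
function registerFixed(array $post): string
{
    return password_hash($post['Password'], PASSWORD_DEFAULT);
}

// Fixed validation.php. $users maps email => stored hash. When the email is
// unknown, a dummy hash is still verified so that the response time does not
// tell an attacker whether the account exists.
function loginFixed(array $post, array $users): bool
{
    static $dummyHash = null;
    $dummyHash ??= password_hash('dummy-value-for-constant-time', PASSWORD_DEFAULT);

    $known = isset($users[$post['Email']]);
    $hash  = $known ? $users[$post['Email']] : $dummyHash;
    return password_verify($post['Password'], $hash) && $known;
}

// Run every scenario once and return the outcomes keyed by a short description.
function demo(array $input, array $registerPost, array $loginPost, array $wrongPost): array
{
    $buggyHash = registerBuggy($registerPost, $input);
    $users     = [$registerPost['Email'] => registerFixed($registerPost)];

    return [
        'buggy: compares $input password (form ignored)'  => loginUsingInputArray($input, $buggyHash),
        'buggy: compares $_POST password (correct one)'   => loginUsingPost($loginPost, $buggyHash),
        'fixed: correct password'                         => loginFixed($loginPost, $users),
        'fixed: wrong password'                           => loginFixed($wrongPost, $users),
        'fixed: unknown email'                            => loginFixed(['Email' => 'nobody@example.com', 'Password' => 'x'], $users),
    ];
}

foreach (demo($input, $registerPost, $loginPost, $wrongPost) as $case => $ok) {
    printf("%-50s %s\n", $case, $ok ? 'logged in' : 'rejected');
}
```

Run it with `php demo.php`. The two "buggy" rows show why the symptom flips depending on which line of validation.php is used: both sides compare against a hash of the empty string, so the outcome depends only on whether the login side also feeds in the empty string. One further point about the question's validation.php: it prints a different message for "no account with this email" than for "invalid password", which lets anyone enumerate registered addresses. The registration page already reveals the same thing ("Email address already taken"), so closing that is a design decision, but the login path should at least not add a timing difference, which is what the dummy-hash branch in loginFixed avoids.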