javascript - 为什么这个 PHP 登录脚本不起作用?
问题描述
我希望用户从此登录页面登录到他的帐户。它应该根据用户是否将字段留空、登录条件不正确或详细信息是否正确来执行不同的操作。但它一直给出“登录失败,请重试”的响应。有人可以帮我解决这个问题吗?
<?php
include_once("db_con.php");
if(isset($_POST['e'])) {
$e = mysqli_real_escape_string($db_con, $_POST['e']);
$p = mysqli_real_escape_string($db_con, $_POST['p']);
$p_hash = password_hash($p, PASSWORD_DEFAULT);
if($e == "" || $p == ""){
echo "login_failed";
exit();
} else {
$sql = "SELECT id, username, password FROM users WHERE email='$e' LIMIT
1";
$login_query = mysqli_query($db_con, $sql);
$row = mysqli_fetch_array($login_query, MYSQLI_ASSOC);
$db_id = $row["id"];
$db_username = $row["username"];
$db_pass_str = $row["password"];
if($p_hash != $db_pass_str){
echo "login_failed";
exit();
}
else {
// CREATE THEIR SESSIONS AND COOKIES
$user_closed_query = mysqli_query($db_con, "SELECT * FROM users
WHERE email='$e' AND user_closed='yes'");
if(mysqli_num_rows($user_closed_query)) {
$account_reopen = mysql_query($db_con, "UPDATE users SET
user_closed='no' WHERE email='$e'");
}
$_SESSION['userid'] = $db_id;
$_SESSION['username'] = $db_username;
$_SESSION['password'] = $db_pass_str;
setcookie("id", $db_id, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("user", $db_username, strtotime( '+30 days' ), "/", "",
"", TRUE);
setcookie("pass", $db_pass_str, strtotime( '+30 days' ), "/", "",
"", TRUE);
// UPDATE THEIR "IP" AND "LASTLOGIN" FIELDS
$sql = "UPDATE users SET lastlogin=now() WHERE
username='$db_username' LIMIT 1";
$query = mysqli_query($db_con, $sql);
echo $db_username;
exit();
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<script>
function login(){
var e = document.getElementById("log_email");
var p = document.getElementById("log_password");
if(e == "" || p == ""){
document.getElementById("status").innerHTML = "Fill out all of the form
data";
} else {
document.getElementById("login_button").disabled = true;
document.getElementById("status").innerHTML = "Please wait...";
var ajax = new XMLHttpRequest();
ajax.open("POST", "login.php", true);
ajax.setRequestHeader("Content-type", "application/x-www-form-
urlencoded");
ajax.onreadystatechange = function(){
if(ajax.readyState == 4 && ajax.status == 200){
document.getElementById("status").innerHTML = ajax.responseText;
if(ajax.responseText == "login_failed"){
document.getElementById("status").innerHTML = "Login
unsuccessful, please try again.";
document.getElementById("login_button").disabled = false;
} else {
window.location = "index.php?u="+ajax.responseText;
}
}
}
ajax.send("e="+e+"&p="+p);
}
}
</script>
</head>
<body>
<div>
<h3>Log In Here</h3>
<!-- LOGIN FORM -->
<form id="loginform" onsubmit="return false;">
<div>Email Address:</div>
<input type="text" id="log_email" name="log_email" maxlength="88">
<div>Password:</div>
<input type="password" id="log_password" name="log_password"
maxlength="100">
<br /><br />
<button id="login_button" onclick="login()">Log In</button>
<span id="status"></span>
<a href="#">Forgot Your Password?</a>
</form>
<!-- LOGIN FORM -->
</div>
</body>
</html>
提前致谢!即使我输入了正确的电子邮件和密码,登录失败的页面也会响应。我希望它在用户成功登录时转到 index.php。这是图像:- 这是每次发生的屏幕截图。
解决方案
您正在使用passwod_hash()哈希密码,但您没有使用password_verify()验证它。
推荐阅读
- c - 有没有办法声明一个复数而不包括
? - html - colspan 未应用于表格列
- python - 如何使用推断模式读取列名中带有点的 JSON 文件(Spark/Pyspark)?
- android - 代表公共客户将 APK 发布到 Google Play 的更简单方法
- javascript - 对 javascript 键名进行排序
- ios - App Store Connect 上的德语(瑞士)德语(奥地利) - 发行说明
- python - 一维卷积神经网络输入形状`ValueError`
- css - Ionic 3 在页面顶部修复了一个 div,即使用户上下滚动不使用 sass 脚本,它也会继续显示
- c++ - 使用 pybind11,如何为 array_t 对象设置底层内存的所有权?
- tensorflow - 在 tf.contrib.layers 中分配权重时是否有替代 constant_initializer 的方法