php - PHP登录只接受静态密码
问题描述
请帮助我,我是一个 php 初学者,我正在尝试构建一个具有注册页面和登录页面的系统,但现在我的登录页面出现问题,它只接受一个静态密码,即“密码”。我不知道为什么,我做错了什么?我还在登录脚本下方添加了我的注册脚本。
登录.php
<?php
session_start();
include("config.php");
$msg = "";
if(isset($_POST['login'])){
$email = $conn->real_escape_string($_POST['email']);
$password = $conn->real_escape_string($_POST['password']);
if($email == "" || $password == "")
$msg = "Email and Password are both required!";
else{
$sql = $conn->query ("SELECT user_id, password, is_active FROM users WHERE email = '$email'");
if($sql->num_rows > 0){
$data = $sql->fetch_array();
if('password' == $password){
if($data['is_active'] == 0)
$msg = "Please Verify Your Email!";
else{
$_SESSION['user_id'] = $user_id;
$_SESSION['name'] = $f_name;
header('Location: home.php');
//$msg = "Your are logged in";
}
}else
$msg = "Incorrect email and password combination";
}
}
}
?>
创建.php
<?php
include("config.php");
// use PHPMailer\PHPMailer\PHPMailer;
// use PHPMailer\PHPMailer\Exception;
//
// include_once "PHPMailer\PHPMailer.php";
// include_once "PHPMailer\Exception.php";
// include 'PHPMailer\SMTP.php';
global $error1, $error2, $error3, $error4, $error5, $error6, $msgSuccess;
global $info, $fail;
$user_name = $user_surname = $user_phone = $user_email = $user_password = "";
//$date_time = date('Y/m/d');
if(isset($_POST['submit'])){
$f_name = $_POST['f_name'];
$surname = $_POST['surname'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$password = $_POST['password'];
$sql_query = mysqli_query($conn, "SELECT * FROM users WHERE email = '{$email}'");
$count = mysqli_num_rows($sql_query);
if(!empty($f_name) && !empty($surname) && !empty($phone) && !empty($email) && !empty($password)){
if($count > 0){
$error1 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>User with Email Already Exist.
</div>'";
} else{
$user_name = mysqli_real_escape_string($conn, $f_name);
$user_surname = mysqli_real_escape_string($conn, $surname);
$user_phone = mysqli_real_escape_string($conn, $phone);
$user_email = mysqli_real_escape_string($conn, $email);
$user_password = mysqli_real_escape_string($conn, $password);
if(!filter_var($user_email, FILTER_VALIDATE_EMAIL)){
$error2 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Email is Invalid.
</div>";
}
if(!preg_match("/^[a-zA-Z]*$/", $user_name)){
$error3 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a> Only Letter Allowed for Firstname.
</div>";
}
if(!preg_match("/^[a-zA-Z]*$/", $user_surname)){
$error4 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Only Letter Allowed for Lastname.
</div>";
}
if(!filter_var($user_phone, FILTER_SANITIZE_NUMBER_INT)){
$error5 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Only numbers Allowed for phone number.
</div>";
}
if((preg_match("/^[a-zA-Z]*$/", $user_name)) && (preg_match("/^[a-zA-Z]*$/", $user_surname))
&& (filter_var($user_phone, FILTER_SANITIZE_NUMBER_INT))
&& (filter_var($user_email, FILTER_VALIDATE_EMAIL))){
$activation_key = md5(rand().time());
$password = password_hash($password, PASSWORD_BCRYPT);
$sql = "INSERT INTO users (f_name, surname, phone, email, password,
activation_key, is_active, date_time)
VALUES('{$f_name}', '{$surname}', '{$phone}', '{$email}', '{$password}', '{$activation_key}', '0', now())";
$query = mysqli_query($conn, $sql);
// $mail = new PHPMailer();
//
// $mail->isSMTP();
// $mail->SMTPDebug = 2;
// $mail->Host='smtp.gmail.com';
// $mail->Port=587;
// $mail->SMTPAuth=true;
// $mail->SMTPSecure='tls';
// $mail->Username='****************';
// $mail->Password='**************';
//
// $mail->setFrom('********@gmail.com');
// $mail->addAddress($_POST['email']);
// $mail->Subject = "Please Verify Email!";
// $mail->isHTML(true);
// $mail->Body = "
// Please Click on the link below:<br/>
//
// <a href='localhost/catch.a.ride/confirm.php?email=$email&activation_key=$activation_key'>Click Here</a>";
//
// if($mail->send())
// $msg = "You have been registerd, please verify your email!";
// else
// $msg = "Failed to register! please try again later"; // .$mail->ErrorInfo;
}
}
}else{
if(empty($f_name)){
$error3 ="<div class='alert alert-danger'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a> First name field can not be empty.
</div>";
}elseif (empty($surname)){
$error4 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Last name field can not be empty.
</div>";
}elseif (empty($phone)){
$error5 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a> Phone number field can not be empty.
</div>";
}elseif (empty($email)){
$error2 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Email field can not be empty.
</div>";
}elseif (empty($password)){
$error6 ="<div class='alert alert-danger' role='alert'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a>Password field can not be empty.
</div>";
}else {
$msgSuccess = "<div class='alert alert-success'>
<a href='#' class='close' data-dismiss='alert' arial-label='close'>×</a> Added suucessfully, please follow the link xxxxx for activation.
</div>";
}
}
}
?>
解决方案
应该if(data['password'] == $password)
您从数据库中获取信息但检查不正确。也可以考虑使用密码哈希来使这些更安全。和往常一样,绑定你的参数。希望这可以帮助
推荐阅读
- docusaurus - Docusaurus - 如何删除 TOC(目录)?
- python - python boto - 没有存储桶名称的 AWS S3 访问
- php - 如何在数据库中存在的自定义列之后添加新列
- prometheus - 将 Prometheus 节点导出器实施到 Linux 代理并检索 CPU 使用率、磁盘使用率、内存使用率等指标
- mysql - 如何在 JPA 规范中使用 mysql 转换功能?
- ios - 动态发送函数到另一个飞镖颤振
- java - 如何解决“java.lang.IllegalStateException:Bean 名称‘taxForm’的 BindingResult 和普通目标对象都不能用作请求属性”
- django - 在我的 RegisterClass 视图中有一些逻辑错误?
- reactjs - React 元素被渲染两次
- perl - 如何在 perl 中切换 NVM 环境