When I click submit, the input validation works, but even when I type in the username and password correctly that is stored in my database exactly as I'm entering it, with consideration of the hash, but all I get is the error message telling me the combination is incorrect.
当我单击提交时,输入验证可以正常工作,但即使我正确地输入存储在我的数据库中的用户名和密码,就像我输入它一样,考虑到哈希,但我得到的只是错误消息告诉我的组合是不正确的。
This is my login script:
这是我的登录脚本:
$username = $_POST['username'];
$password = $_POST['password'];
if (isset($_POST['submit']) === true) {
$login = login($username, $password);
if (empty($username) === true || empty($password) === true) {
$errors[] = "Please fill in all fields";
} elseif ($login === false) {
$errors[] = "That username and password combination is incorrect";
} else {
$_SESSION['login'] = $login;
echo 'Logged in';
}
}
And here are the functions:
以下是功能:
function login($username, $password) {
global $conn;
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password'";
$result = mysqli_query($conn, $query);
$row_count = mysqli_num_rows($result);
if ($row_count >= 1) {
return $query['userId'];
} else {
return false;
}
}
在此处输入图像描述
3 个解决方案
#1
0
The first thing I would suggest you try is to manually compare the md5 hashed password to what's strutted in the table. If you're absolutely sure they're equal, run a manual query using that value from toad or phpmyadmin and see if you get a result. If not the problem could be in the query. If you get a result check your mysqli_num_rows function and instead of returning the user id echo it in your test environment.
我建议你尝试的第一件事是手动比较md5哈希密码和表格中的支持密码。如果您完全确定它们是相同的,请使用toad或phpmyadmin中的值运行手动查询,看看是否得到了结果。如果不是问题可能在查询中。如果你得到一个结果,检查你的mysqli_num_rows函数,而不是返回用户id在你的测试环境中回显它。
What else have you done to debug?
你还做了什么调试?
#2
0
I guess your code needs some fixes since your checking the parameters if they are empty after you query it to the database, getting the userID before checking if his password is correct.. and so on..
我猜你的代码需要一些修复,因为你查询参数,如果它们是空的,你查询它到数据库后,在检查他的密码是否正确之前得到userID等等。
But first, after the line
但首先,在线之后
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password'";
why don't u put
你为什么不放
die($query);
run the page, copy the result, paste it into phpMyAdmin query box, and see if the result fits your needs.
运行页面,复制结果,将其粘贴到phpMyAdmin查询框中,看看结果是否符合您的需求。
#3
0
You can simplify it down to this, however I would not recommend taking user input without XSS scrubbing it. Especially for a table such as login.
您可以将其简化为此,但我不建议在没有XSS擦除的情况下接受用户输入。特别是对于登录这样的表。
function login($username, $password) {
global $conn;
$password = md5($password);
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password' LIMIT 1";
$result = mysqli_query($conn, $query);
$row_count = mysqli_num_rows($result);
if ($row_count >= 1) {
return $query['userId'];
} else {
return false;
}
}
#1
0
The first thing I would suggest you try is to manually compare the md5 hashed password to what's strutted in the table. If you're absolutely sure they're equal, run a manual query using that value from toad or phpmyadmin and see if you get a result. If not the problem could be in the query. If you get a result check your mysqli_num_rows function and instead of returning the user id echo it in your test environment.
我建议你尝试的第一件事是手动比较md5哈希密码和表格中的支持密码。如果您完全确定它们是相同的,请使用toad或phpmyadmin中的值运行手动查询,看看是否得到了结果。如果不是问题可能在查询中。如果你得到一个结果,检查你的mysqli_num_rows函数,而不是返回用户id在你的测试环境中回显它。
What else have you done to debug?
你还做了什么调试?
#2
0
I guess your code needs some fixes since your checking the parameters if they are empty after you query it to the database, getting the userID before checking if his password is correct.. and so on..
我猜你的代码需要一些修复,因为你查询参数,如果它们是空的,你查询它到数据库后,在检查他的密码是否正确之前得到userID等等。
But first, after the line
但首先,在线之后
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password'";
why don't u put
你为什么不放
die($query);
run the page, copy the result, paste it into phpMyAdmin query box, and see if the result fits your needs.
运行页面,复制结果,将其粘贴到phpMyAdmin查询框中,看看结果是否符合您的需求。
#3
0
You can simplify it down to this, however I would not recommend taking user input without XSS scrubbing it. Especially for a table such as login.
您可以将其简化为此,但我不建议在没有XSS擦除的情况下接受用户输入。特别是对于登录这样的表。
function login($username, $password) {
global $conn;
$password = md5($password);
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password' LIMIT 1";
$result = mysqli_query($conn, $query);
$row_count = mysqli_num_rows($result);
if ($row_count >= 1) {
return $query['userId'];
} else {
return false;
}
}