我正在用php+mysql构建一个简单的登录页面。使用输入发送用户名和密码,并在url上获取状态,但每次单击 submit
,显然没有什么去数据库上的登录数据检查。my index.php代码:
<?php session_start(); ?>
<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css"
integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
<link rel="stylesheet" type="text/css" href="style.css">
<title>Integração transporte</title>
</head>
<body>
<div class="login-page">
<div class="form">
<p>Integração Transporte</p>
<br>
<form class="login-form" action="includes/login.inc.php" method="POST">
<input type="text" name="uid" placeholder="nome de usuário ou e-mail"/>
<input type="password" name="pwd" placeholder="senha"/>
<button type="submit" name="submit">Login</button>
</form>
</div>
</div>
<!-- Optional JavaScript -->
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"
integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo"
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js"
integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49"
crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js"
integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy"
crossorigin="anonymous"></script>
</body>
</html>
my login.inc.php文件:
<?php
session_start();
if (isset($_POST['submit'])) {
echo error_reporting(-1);
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Errors
//Check if inputs are empty
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid = '$uid' OR user_email = '$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=empty");
exit();
} elseif ($hashedPwdCheck == true) {
//Login the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
my dbh.inc.php(db connection)文件:
<?php
/**
* Created by PhpStorm.
* User: root
* Date: 17/08/18
* Time: 18:43
*/
# Dados para a conexão com o banco de dados
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "Lucas@09";
$dbName = "dbtest";
# Executa a conexão com o MySQL
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
我的数据库:
如何解决我的问题?我只是不知道我现在需要做什么。。。我很笨。
1条答案
按热度按时间zpgglvta1#
我查过你的密码了。
echo password_hash("root", PASSWORD_DEFAULT);
//$2y$10$UIy0lTtvLV.5GZ2rrQGxUeJEaizxTm891mhpCqj5BFJQaVbVhnsdy