php函数中的mysql连接不工作

fnvucqvd  于 2021-06-21  发布在  Mysql
关注(0)|答案(0)|浏览(259)

我想在网站上建立一个登录系统。首先,我编写了一个名为“userconn.php”的文件,用于连接mysql。代码如下:

<?php
/* Database credentials. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '******************');
define('DB_NAME', 'userinfo');

/* Attempt to connect to MySQL database */
$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}
?>

然后我写了一个名为“login.php”的文件。该文件调用“userconn.php”文件连接到数据库,然后将输入的用户名和密码与数据库中的记录进行比较。如果找到匹配项,将启动会话并将用户重定向到主页。在重定向之前,会调用一个名为“onlogin”的函数,为用户名颁发一个令牌,用作rememberme cookie。此函数调用另一个名为“storetokenforuser”的函数将令牌和用户名存储在数据库表中。问题是后一个函数中的sql语句在登录后没有在数据库表中存储任何数据。
“login.php”代码如下:

<?php
// Include config file
require_once 'userConn.php';

// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Check if username is empty
    if(empty(trim($_POST["username"]))){
        $username_err = 'Please enter username.';
    } else{
        $username = trim($_POST["username"]);
    }

    // Check if password is empty
    if(empty(trim($_POST['password']))){
        $password_err = 'Please enter your password.';
    } else{
        $password = trim($_POST['password']);
    }

    // Validate credentials
    if(empty($username_err) && empty($password_err)){
        // Prepare a select statement
        $sql = "SELECT username, password FROM users WHERE username = ?";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);

            // Set parameters
            $param_username = $username;

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Store result
                mysqli_stmt_store_result($stmt);

                // Check if username exists, if yes then verify password
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $username, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            /* Password is correct, so start a new session and
                        save the username to the session */
                            session_start();
                            $_SESSION['username'] = $username;  
                            onLogin($username);
                            header("location: new_homepage.php");
                        } else{
                            // Display an error message if password is not valid
                            $password_err = 'The password you entered was not valid.';
                        }
                    }
                } else{
                    // Display an error message if username doesn't exist
                    $username_err = 'No account found with that username.';
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
        }

        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Close connection
    mysqli_close($link);
}

function onLogin($user) {
    $token = random_bytes(256); // generate a token, should be 128 - 256 bit
    $SECRET_KEY = random_bytes(256);
    storeTokenForUser($user, $token);
    $cookie = $user . ':' . $token;
    $mac = hash_hmac('sha256', $cookie, $SECRET_KEY);
    $cookie .= ':' . $mac;
    setcookie('rememberme', $cookie);
}

function storeTokenForUser($usernameTok, $tokenvalue){
    global $link;
    $sql = "INSERT INTO tokens (username, tokenvalue) VALUES ('".$usernameTok."', '".$tokenvalue."')";
    $link->query($sql);
}
?>

有人能给我解释一下为什么“storetokenforuser”函数中的sql不起作用,以及修复这个问题的解决方案吗?
我也为“storetokenforuser”函数尝试了下面的代码,但没有成功:

function storeTokenForUser($usernameTok, $tokenvalue){
    global $link;
    $sql = "INSERT INTO tokens (username, tokenvalue) VALUES (?, ?)";
    if($stmt = mysqli_prepare($link, $sql)){
            mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_token);

            $param_username = $usernameTok;
            $param_token = $tokenvalue;

            mysqli_stmt_execute($stmt);
    }
    mysqli_stmt_close($stmt);
}

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题