我想在网站上建立一个登录系统。首先,我编写了一个名为“userconn.php”的文件,用于连接mysql。代码如下:
<?php
/* Database credentials. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '******************');
define('DB_NAME', 'userinfo');
/* Attempt to connect to MySQL database */
$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
?>然后我写了一个名为“login.php”的文件。该文件调用“userconn.php”文件连接到数据库,然后将输入的用户名和密码与数据库中的记录进行比较。如果找到匹配项,将启动会话并将用户重定向到主页。在重定向之前,会调用一个名为“onlogin”的函数,为用户名颁发一个令牌,用作rememberme cookie。此函数调用另一个名为“storetokenforuser”的函数将令牌和用户名存储在数据库表中。问题是后一个函数中的sql语句在登录后没有在数据库表中存储任何数据。
“login.php”代码如下:
<?php
// Include config file
require_once 'userConn.php';
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = 'Please enter username.';
} else{
$username = trim($_POST["username"]);
}
// Check if password is empty
if(empty(trim($_POST['password']))){
$password_err = 'Please enter your password.';
} else{
$password = trim($_POST['password']);
}
// Validate credentials
if(empty($username_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT username, password FROM users WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
/* Password is correct, so start a new session and
save the username to the session */
session_start();
$_SESSION['username'] = $username;
onLogin($username);
header("location: new_homepage.php");
} else{
// Display an error message if password is not valid
$password_err = 'The password you entered was not valid.';
}
}
} else{
// Display an error message if username doesn't exist
$username_err = 'No account found with that username.';
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
function onLogin($user) {
$token = random_bytes(256); // generate a token, should be 128 - 256 bit
$SECRET_KEY = random_bytes(256);
storeTokenForUser($user, $token);
$cookie = $user . ':' . $token;
$mac = hash_hmac('sha256', $cookie, $SECRET_KEY);
$cookie .= ':' . $mac;
setcookie('rememberme', $cookie);
}
function storeTokenForUser($usernameTok, $tokenvalue){
global $link;
$sql = "INSERT INTO tokens (username, tokenvalue) VALUES ('".$usernameTok."', '".$tokenvalue."')";
$link->query($sql);
}
?>有人能给我解释一下为什么“storetokenforuser”函数中的sql不起作用,以及修复这个问题的解决方案吗?
我也为“storetokenforuser”函数尝试了下面的代码,但没有成功:
function storeTokenForUser($usernameTok, $tokenvalue){
global $link;
$sql = "INSERT INTO tokens (username, tokenvalue) VALUES (?, ?)";
if($stmt = mysqli_prepare($link, $sql)){
mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_token);
$param_username = $usernameTok;
$param_token = $tokenvalue;
mysqli_stmt_execute($stmt);
}
mysqli_stmt_close($stmt);
}
暂无答案!
目前还没有任何答案,快来回答吧!