php 使用户名和口令输入区分大小写

2vuwiymt  于 2022-12-10  发布在  PHP
关注(0)|答案(2)|浏览(161)

嗨,我想在这里添加一个区分大小写的错误陷阱在我的登录函数,顺便说一下,我正在使用MVC框架有人能帮忙吗?我想使用户名和密码区分大小写,这样输入不匹配的错误异常将发生..................我已经尝试过,但失败了,也许有人可以帮助我热去解决这个困境

//THIS IS THE CODE OF MY CONTROLLER

public function login() {
        if(isLoggedIn()) {
            header("Location: " .URLROOT . "/");
        }
        $data = [
            'title' => 'Login page',
            'username' => '',
            'password' => '',
            'usernameError' => '',
            'passwordError' => ''
        ];

    

        //Check for post
        if($_SERVER['REQUEST_METHOD'] == 'POST'){
            //Sanitize post data
            $_POST = filter_input_array(INPUT_POST);

            $data = [
                'username' => trim($_POST['username']),
                'password' => trim($_POST['password']),
                'usernameError' => '',
                'passwordError' => '',
            ];
            $findUser = $this->userModel->findUser($data);

            //Validate username
            if(empty($data['username'])){
                $data['usernameError'] = 'Please enter a username.';
            }else if($findUser === false){
                $data['usernameError'] = "Username not registered";
            }

            //Validate username
            if(empty($data['password'])){
                $data['passwordError'] = 'Please enter a password.';
            }else if($findUser === false){
                $data['passwordError'] = "Password not registered";
            }
           

            $findUser = $this->userModel->getUserDetails($data);


            //Check if all errors are empty
            if(empty($data['usernameError']) && empty($data['passwordError'])){
                $loggedInUser = $this->userModel->login($data['username'], $data['password']);

                if($loggedInUser){
                    $this->createUserSession($loggedInUser);
                }else {
                    $data['passwordError'] = 'Password is incorrect. Please try again.';

                    $this->view('users/login',$data);
                }

            }
            
        }else{
            $data = [
                'username' => '',
                'password' => '',
                'usernameError' => '',
                'passwordError' => ''
            ];
        }


//THIS IS THE CODE OF MY MODEL


public function login($username, $password) {
        $this->db->query('SELECT * FROM user WHERE username = :username');

        //Bind value
        $this->db->bind(':username', $username);

        $row = $this->db->single();

        $hashedPassword = !empty($row) ? $row->password:'';

        if(password_verify($password, $hashedPassword)){
            return $row;
        }else {
            return false;
        }
    }

        $this->view('users/login', $data);
    }

区分大小写错误陷阱

cuxqih21

cuxqih211#

如果您需要进行区分大小写的查询,使用BINARY运算符非常容易,它会强制进行逐字节比较:

SELECT * FROM `table` WHERE BINARY `column` = 'value'
7uzetpgm

7uzetpgm2#

密码是区分大小写的,因为它使用的是原生的password_hashpassword_verify函数,所以可以很容易地使用以下函数进行测试:

var_dump(password_verify('AAA', password_hash('AAA', PASSWORD_DEFAULT))); // true
var_dump(password_verify('AAA', password_hash('aaa', PASSWORD_DEFAULT))); // false

如果您真的希望用户名区分大小写,也可以对用户名字段使用区分大小写的排序规则,例如utf8mb4_0900_as_cs,more info here

ALTER TABLE `users` CHANGE COLUMN `username` `username` VARCHAR(255) CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_0900_as_cs' NOT NULL;

测试用例:

INSERT INTO `users` (`username`) VALUES ('test');

SELECT * FROM `users` WHERE `username`='TEST'; /* returns nothing as expected */

相关问题