由于某种原因,这段代码。。。
if(empty($_POST) === false) {
#$username = htmlentities(mysqli_real_escape_string($conn, $_POST['username']));
#$password = htmlentities(mysqli_real_escape_string($conn, $_POST['password']));
$username = $_POST['username'];
$password = $_POST['password'];
if(empty($username) === true || empty($password) === true) {
$errors[] = 'You need to enter a username and a password';
} else if (user_exists($username) === false) {
# code...
$errors[] = 'We can''t find that username. Have you registered?';
} else {
$login = login($username,$password);
if($login === false) {
$errors[] = 'That username/password combination is incorrect.';
} else {
die($login);
$_SESSION['user_id'] = $login;
header('Location: index.php');
exit();
}
}
output_errors($errors);
}
下面是函数。。不确定这里到底发生了什么,使它不真实。当然,我还在学习mysqli_*
扩展,但逻辑对我来说是有意义的。这很奇怪。
function user_id_from_username($username) {
$conn = mysqli_connect("127.0.0.1","root","","lr");
$username = sanitize($username);
return mysqli_data_seek(mysqli_query($conn, "SELECT `id` FROM `users` WHERE `username` = '$username'"), 0);
mysqli_close($conn);
}
function login($username,$password) {
$conn = mysqli_connect("127.0.0.1","root","","lr");
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysqli_data_seek(mysqli_query($conn,"SELECT COUNT(`id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
#return (mysqli_query($conn,"SELECT count('id') FROM users WHERE username = '$username' AND password = '$password'") === 1) ? $user_id : false;
}
Mysqli_data_seek返回true或false,并在mysql结果资源上设置一个指向所需偏移量的指针。
关于如何使用这些函数,请参阅PHP手册。
http://php.net/manual/en/mysqli-result.data-seek.php