我目前正在Youtube上关注Phpacademy的Alex的名为Register & Login/PHP教程的教程,这是第5部分,这里是login.php
<?php
include 'core/init.php';
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'You need to enter a username and password ';
} else if (user_exists($username) === false) {
$errors[] = 'We couldn''t find that username. Have you registered?';
}
else if (user_active($username) === false){
$errors[] = 'You havn''t activated your account!';
}
else {
$login = login($username, $password);
if ($login === false) {
$error[] = 'That username/password combination is incorrect';
} else {
$_SESSION['user_id'] = $login;
header('Location: index.php');
exit();
}
}
}
print_r($errors);
?>
这是用户.php
<?php
function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '.$username'"), 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '.$username' AND `active` = 1 ") , 0 ) == 1 ) ? true : false;
}
function user_id_from_username($username){
$username = sanitize($username);
return mysql_result (mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username' "), 0, 'user_id');
}
function login($username, $password){
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '.$username' AND `password` = '.$password'"), 0) == 1) ? $user_id : false;
}
?>
这是输出Array ( [0] => We couldn't find that username. Have you registered? )
我是新来的,提前道歉
WHERE `username` = '.$username' AND `password` = '.$password'"
删除点
您的 SQL 查询将返回错误的结果。否则,如果.jond
输入的用户名为 jond
,您将在数据库中搜索 。
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '.$username'"), 0) == 1) ? true : false;
在查询中$username
和$password
之前删除.
。
"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"
您的查询需要稍作调整。删除用户名前面的句点,因为它位于双引号内
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;
对于该文件中的其他查询,情况相同。正如评论中提到的,你真的应该从不推荐使用的mysql_*函数切换到PDO/mysqli,这样你的代码仍然可以在未来版本的PHP中工作,并且你不会受到注入黑客的攻击。
你的代码总体上非常可怕。你不应该像那样嵌套你的mysql调用。像这样嵌套意味着您认为数据库操作永远不会失败。这是一个非常糟糕的假设。
话虽如此,这里至少有一个问题来源:
return (...snip ... WHERE `username` = '.$username'"), 0) == 1) ? true : false;
^--- here
您已在该查询中嵌入了一个.
,使您的所有用户名看起来像.foo
,而不仅仅是foo
。该问题存在于user_exists()
、user_active()
和login()
中。