PHP PDO login failure

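I followed an online tutorial for a simple PHP login and registration script, but when I try to log in it just fails and pops up my error message "Login failed. Please try again, or register". The registration page works in that it creates a new entry in the database, but it also doesn't redirect to the given redirect page. Here is the code:

class.user.php (this is included once in the config file)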

<?php
class USER {
private $db_user;
function __construct($db) {
    $this->db_user = $db;
}
public function register($u_fname,$u_lname,$u_email,$u_tel,$uname,$upass) {
    try {
        $new_password = password_hash($upass, PASSWORD_DEFAULT);
        $stmt = $this->db_user->prepare("INSERT INTO users(user,pass,first_name,last_name,telephone,email) VALUES(:user, :pass, :fname, :lname, :tel, :email)");
        $stmt->bindparam(":user", $uname);
       $stmt->bindparam(":pass", $new_password);
       $stmt->bindparam(":email", $u_email);
       $stmt->bindparam(":fname", $u_fname);
       $stmt->bindparam(":lname", $u_lname);
       $stmt->bindparam(":tel", $u_tel);          
       $stmt->execute();
       return $stmt;
    } catch(PDOException $e) {
        echo $e->getMessage();
    }
}
public function login($uname, $upass) {
    try {
        $stmt = $this->db_user->prepare("SELECT * FROM users WHERE user=:user LIMIT 1");
        $stmt->execute(array(':user'=>$uname));
        $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
        if($stmt->rowCount() > 0) {
            if(password_verify($upass, $userRow['pass'])) {
                $_SESSION['user_session'] = $userRow['id'];
                return true;
            } else {
                return false;
            }
        }
    } catch(PDOException $e) {
        echo $e->getMessage();
    }
}
public function is_loggedin() {
    if(isset($_SESSION['user_session'])) {
        return true;
    }
}
public function logout() {
    session_destroy();
    unset($_SESSION['user_session']);
    return true;
}
}
?>

login.php

<?php
$page_title = "Love Deals Login";
require('inc/connect/config.php');
include('inc/header.php');
if($user->is_loggedin()!="") {
$user->redirect('home.php');
}
if(isset($_POST['login'])) {
$uname = $_POST['txt_uname'];
$upass = $_POST['txt_upass'];
if($user->login($uname,$upass)) {
    $user->redirect('home.php');
} else {
    $error = "Login failed. Please try again, or register";
}
}
?>
<div class="container" style="padding: 100px 0 0 0;">
<div class="form-container">
    <form method="post" id="login">
        <h3>Please login</h3>
        <?php if(isset($error)) {
            ?>
            <div class="alert alert-danger">
                <i class="glyphicon glyphicon-warning-sign"></i> &nbsp; <?php echo $error; ?>
            </div>
            <?php
        }
        ?>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="txt_uname" placeholder="Username" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="password" class="form-control" name="txt_upass" placeholder="Password" required />
        </div>
        <div class="clearfix"></div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <button type="submit" name="login" class="btn btn-primary pull-right">
                <i class="glyphicon glyphicon-log-in"></i>&nbsp;Login</button>
        </div>
        <div class="col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3" style="text-align: center;">
            <label>Don't have an account yet? <a href="signup.php">Register now</a></label>
        </div>
    </form>
 </div>
</div>
<footer class="navbar-fixed-bottom search-footer">
    <div class="container">
        <div class="row">
<?php include('inc/footer.php'); ?>

signup.php

<?php
$page_title = "Love Deals Register";
require('inc/connect/config.php');
include('inc/header.php');
if($user->is_loggedin()!="") {
$user->redirect('home.php');
}
if(isset($_POST['signup'])) {
$u_fname = trim($_POST['sign_fname']);
$u_lname = trim($_POST['sign_lname']);
$u_tel = trim($_POST['sign_tel']);
$u_email = trim($_POST['sign_email']);
$uname = trim($_POST['sign_uname']);
$upass = trim($_POST['sign_upass']);
if($u_fname=="") {
    $error[] = "please provide first name";
} else if ($u_lname=="") {
    $error[] = "please provide last name";
} else if($u_tel=="") {
    $error[] = "please provide contact number";
} else if($u_email=="") {
    $error[] = "please provide an email address";
} else if(!filter_var($u_email, FILTER_VALIDATE_EMAIL)) {
    $error[] = "please provide a valid email address";
} else if($uname=="") {
    $error[] = "please provide username";
} else if($upass=="") {
    $error[] = "please provide password";
} else if(strlen($upass) < 8) {
    $error[] = "Password must be at least 8 characters";
} else {
    try {
        $stmt = $db->prepare("SELECT user FROM users WHERE user=:uname");
        $stmt->execute(array(':uname'=>$uname));
        $row=$stmt->fetch(PDO::FETCH_ASSOC);
        if($row['user']==$uname) {
            $error[] = "sorry, username already taken! please choose another";
        } else {
            // Argument order must match register($u_fname,$u_lname,$u_email,$u_tel,$uname,$upass)
            if($user->register($u_fname,$u_lname,$u_email,$u_tel,$uname,$upass)) {
                $user->redirect('signup.php?joined');
            }
        }
    } catch(PDOException $e) {
        echo $e->getMessage();
    }
}
}
?>
<div class="container" style="padding: 100px 0 0 0;">
<div class="form container">
    <form method="post" id="signup">
        <h3>Register</h3>
        <?php if(isset($error)) {
            foreach($error as $error) {
                ?>
                <div class="alert alert-danger">
                    <i class="glyphicon glyphicon-warning-sign"></i> &nbsp; <?php echo $error; ?>
                </div>
                <?php
            }
        } else if(isset($_GET['joined'])) {
            ?>
            <div class="alert alert-info">
                <i class="glyphicon glyphicon-log-in"></i> &nbsp; Thanks! You are now registered. <a href="login.php">Login</a>
            </div>
            <?php
        }
        ?>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_fname" placeholder="First Name" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_lname" placeholder="Last Name" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_tel" placeholder="Contact Number" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_email" placeholder="Email" value="<?php if(isset($error)){echo htmlspecialchars($u_email, ENT_QUOTES, 'UTF-8');}?>" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="text" class="form-control" name="sign_uname" placeholder="Username" value="<?php if(isset($error)){echo htmlspecialchars($uname, ENT_QUOTES, 'UTF-8');}?>" required />
        </div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 login">
            <input type="password" class="form-control" name="sign_upass" placeholder="Password" required />
        </div>
        <div class="clearfix"></div>
        <div class="form-group col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3">
            <button type="submit" class="btn btn-primary center-block" name="signup">
            <i class="glyphicon glyphicon-open-file"></i>&nbsp;Register</button>
        </div>
        <div class="col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3" style="text-align: center;">
            <label>Already have an account? <a href="login.php">Login</a></label>
        </div>
    </form>
 </div>
</div>

<footer class="navbar-fixed-bottom search-footer">
    <div class="container">
        <div class="row">
<?php include('inc/footer.php'); ?>

And finally, home.php

<?php
$page_title = "Love Deals User Home";
require('inc/connect/config.php');
include('inc/header.php');
if(!$user->is_loggedin()) {
$user->redirect('login.php');
}
$user_id = $_SESSION['user_session'];
$stmt = $db->prepare("SELECT * FROM users WHERE id=:user_id");
$stmt->execute(array(":user_id"=>$user_id));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
?>
<div class="container" style="padding: 100px 0 0 0;">
<h3>welcome back <?php print(htmlspecialchars($userRow['user'], ENT_QUOTES, 'UTF-8')); ?></h3>
</div>
<div>
<label><a href="logout.php?logout=true"><i class="glyphicon glyphicon-log-out"></i> logout</a></label>
</div>

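I just can't see where I've gone wrong! Please be gentle... I'm very new to PHP.

Thanks in advance

Kelly

"I just set the password column to a varchar with a max of 25 characters... – Kelly"

There's the problem. password_hash() generates a 60-character string.

Your current password looks like this, for example: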

$2y$10$.vGA1O9wmRjrwAVXD9

As opposed to what it should look like, which is:

$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a

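"Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice)."

  • You will need to clear your password rows, change the column's length to 60+ or, as the manual suggests, 255, and then start over with a new hash.

Reference: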

  • http://php.net/manual/en/function.password-hash.php

Also, seeing that you're using sessions, make sure the session is started in all pages that use sessions.

  • http://php.net/manual/en/function.session-start.php

Check for errors:

  • http://php.net/manual/en/pdo.error-handling.php
  • http://php.net/manual/en/function.error-reporting.php

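Also make sure the functions have no variable scope issues.

If they do, pass the database connection to them.


Edit:

I seem to have missed something, which the OP was kind enough to include in a comment:

"I have now successfully logged in (Yaaay)... had to change $user->redirect() to header(), but it works now!"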
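
The truncation described in the answer above, shown as an added example that is not part of the original question or answer: it stores one hash at the 25-character width from the asker's comment and at 255 characters, then checks each stored value with `password_get_info()` and `password_verify()`. The column is simulated with `substr()` on the assumption that the database truncated silently; `store_in_column()` and `audit_stored_hash()` are hypothetical helper names.

```php
<?php
// Added example, not code from the original post. The 25-character width comes
// from the asker's comment; the column is simulated with substr() so the script
// runs without a database (assumption: the database truncated silently).

const COLUMN_WIDTH = 25; // width of the `pass` column as described in the question

/** Simulate storing a value in a VARCHAR($width) column that truncates. */
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

/** Classify a stored value: can password_verify() still recognise it as a hash? */
function audit_stored_hash(string $stored): string
{
    $info = password_get_info($stored);
    if ($info['algoName'] === 'unknown') {
        return 'truncated or not a password_hash() value (' . strlen($stored) . ' chars)';
    }
    return 'ok: ' . $info['algoName'] . ' (' . strlen($stored) . ' chars)';
}

$password = 'correct horse battery staple'; // constructed sample password
$hash     = password_hash($password, PASSWORD_DEFAULT);

$truncated = store_in_column($hash, COLUMN_WIDTH); // what VARCHAR(25) keeps
$intact    = store_in_column($hash, 255);          // what VARCHAR(255) keeps

foreach (['VARCHAR(25)' => $truncated, 'VARCHAR(255)' => $intact] as $column => $stored) {
    // A truncated hash is reported as unknown and can never verify,
    // which is why login() keeps returning false for correct passwords.
    printf("%-13s %s\n", $column, audit_stored_hash($stored));
    printf("%-13s password_verify: %s\n", '', var_export(password_verify($password, $stored), true));
}
```

Running `audit_stored_hash()` over the existing `pass` values shows which rows were stored truncated and need a new hash after the column is widened.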