我正在尝试让我的登录页面允许用户使用他们的名字/电子邮件或密码/姓氏登录。
到目前为止,它只允许用户在第一个块中使用电子邮件/名字登录&在第二块中只有密码,但没有姓氏。?
以下是我目前拥有的php-->
<?php
ob_start();
session_start();
define("_APP_RUN", true);
require '../AppINIT.php';
$footerTxt = appconfig('footerTxt');
$theme= appconfig('theme');
if (isset($_POST['login']))
{
$username=_post('username');
$password=_post('password');
$login_type=_post('login_type');
if($username==''){
conf('login.php','e','Please Enter Your Username');
}
if($password==''){
conf('login.php','e','Please Enter Your Password');
}
$password = md5($secret . $password);
$lastlogin=date("Y-m-d H:i:s");
//added name,lname on 4-30-2016--to be able to login with name
$stmt = $dbh->prepare("SELECT `id`, `email`, `name`, `lname`, `password`
FROM `accounts`
WHERE
(
`email` = :email AND `password` = :password
)
OR
(
`name` = :first_name AND `lname` = :last_name
)
AND `status` = 'Active'
");
$stmt->execute(array(':email'=>$username; ':password'=>$password; ':first_name'=>$username; ':last_name'=>$password));
//$stmt->bindParam(':user_id', $username, PDO::PARAM_STR, 12);
//$stmt->bindParam(':password', $password, PDO::PARAM_STR, 30);
$stmt->execute();
$result = $stmt->fetchAll();
if ($stmt->rowCount() == "1") {
foreach ($result as $value) {
$cmd=$value['id'];
$_SESSION['cid'] = $value['id'];
$lid = md5(uniqid(rand(), TRUE));
$_SESSION['lid'] = $lid;
setcookie("_lid", "$lid", time() + 86400);
$login=ORM::for_table('accounts')->find_one($cmd);
$login->online='1';
$login->lastlogin=$lastlogin;
$login->save();
conf('index.php');
}
} else {
conf('login.php', 'e', 'For Security Reasons We Can Not Tell You What Was Entered Wrong!');
}
}
require ("views/$theme/login.tpl.php");
?>
这是我在html中称之为--->的内容
<form action="login.php" method="post">
<fieldset>
<label>
<span class="block input-icon input-icon-right">
<input type="text" class="span12" placeholder="Email Or First Name" name="username"/>
<i class="icon-envelope"></i>
</span>
</label>
<label>
<span class="block input-icon input-icon-right">
<input type="password" class="span12" placeholder="<?php echo $Lan['Password']; ?> Or Last Name" name="password" />
<i class="icon-lock"></i>
</span>
</label>
<div class="space"></div>
<div class="clearfix">
先读我!
<button class="width-35 pull-right btn btn-small btn-primary" type="submit" name="login">
<i class="icon-key"></i>
<?php echo $Lan['login']; ?>
</button>
</div>
Greg,
使用以下HTML表单:
<form action="login.php" method="post">
<fieldset>
<label>
<span class="block input-icon input-icon-right">
<input type="text" class="span12" placeholder="Email Or First Name" name="username"/>
</span>
</label>
<label>
<span class="block input-icon input-icon-right">
<input type="text" class="span12" placeholder="Password or Last Name" name="password"/>
</span>
</label>
</fieldset>
<input type="submit" name="Login">
</form>
在你的login.php文件中使用这个:
<?php
session_start();
require "path/to/db/file.php";
$username = $_POST['username'];
$last_name = $_POST['password'];
$password = $_POST['password'];
$password = md5($secret . $password);
$stmt = $dbh->prepare("SELECT `id`, `email`, `name`, `lname`, `password`
FROM `accounts`
WHERE
(
`email` = :email AND `password` = :password
)
OR
(
`name` = :first_name AND `lname` = :last_name
)
AND `status` = 'Active'
");
$stmt->execute(array(':email'=>$username; ':password'=>$password; ':first_name'=>$username; ':last_name'=>$last_name));
$records_count = $stmt->rowCount();
if($records_count == 1){
//One of the conditions of the $stmt was evaluated as TRUE and query was successful
echo 'Logged in';
}
else{
var_dump($stmt);
}
?>
如果满足条件,则应成功登录。否则,$stmt
将被"转储",这将帮助您评估您的输入。
在原始代码中,您正在对密码字段进行哈希处理。姓氏被散列,这就是为什么使用姓氏时身份验证失败的原因。
这会解决你的问题,但要注意对你问题的评论。这不是一种非常安全的登录方式。任何知道用户名字和姓氏的人都可以登录,这会否定登录脚本的全部目的。