我有这个登录/注册系统,我想使用PHP文件。 [英] I have this Login / Register system and i want to use PHP files.
问题描述
我有这个登录/注册系统,但是现在这不安全,因为黑客可以使用DBPassword,Name等。
我怎么能使用PHP文件连接到MySql,并从那里获取信息,如姓名或状态,
我的数据库:
< img alt =""src ="https://social.msdn.microsoft.com/Forums/getfile/1090127">
$
代码:
private MySqlConnection ANRGamesConnection;
私有字符串服务器;
私有字符串数据库;
私有字符串UId;
私人密码;
private void DBConnection()
{
Server ="" ;;
数据库="" ;;
UId ="" ;;
密码="" ;;
string connectionString;
connectionString = $" SERVER = {Server}; DATABASE = {Database}; UID = {UId}; PASSWORD = {Password};" ;;
ANRGamesConnection = new MySqlConnection(connectionString);
}
public bool Register(string user,string pass)
{
string userIp ="" ;;
try
{
userIp = new WebClient()。DownloadString(" http://icanhazip.com");
}
catch
{
userIp =" 0.0.0.0" ;;
}
string query = $" INSERT INTO Users(Id,Username,Password,uIP,Status)VALUES('','{user}','{pass}', '{userIp}','0');" ;;
尝试
{
if(OpenConnection())
{
MySqlCommand cmd = new MySqlCommand(query,ANRGamesConnection);
尝试
{
cmd.ExecuteNonQuery();
返回true;
}
捕获
{
返回false;
}
}
其他
{
ANRGamesConnection.Close();
返回false;
}
}
catch
{
ANRGamesConnection.Close();
返回false;
}
}
public bool登录(string user,string pass)
{
string query = $" SELECT * FROM Users WHERE Username ='{user} 'AND Password ='{pass}');" ;;
尝试
{
if(OpenConnection())
{
MySqlCommand cmd = new MySqlCommand(query,ANRGamesConnection);
MySqlDataReader reader = cmd.ExecuteReader();
if(reader.Read())
{
reader.Close();
ANRGamesConnection.Close();
返回true;
}
其他
{
reader.Close();
ANRGamesConnection.Close();
返回false;
}
}
其他
{
ANRGamesConnection.Close();
返回false;
}
}
catch
{
ANRGamesConnection.Close();
返回false;
}
}
private bool OpenConnection()
{
try
{
ANRGamesConnection.Open();
返回true;
}
catch(MySqlException ex)
{
switch(ex.Number)
{
case 0:
MessageBox.Show(" ;与服务器的连接失败!",""ERROR",MessageBoxButton.OK,MessageBoxImage.Error);
休息;
case 1045:
MessageBox.Show(" Server Username or Password is wrong!"," ERROR",MessageBoxButton.OK,MessageBoxImage.Error);
休息;
}
返回false;
}
}
private void LoginButton_MouseUp(object sender,MouseButtonEventArgs e)
{
string user = UsernameInput。文本;
string password = PasswordInput.Password;
if(登录(用户名,密码))
{
MessageBox.Show($" Welcome {user}!"," Successfully登录&,"MessageBoxButton。好的,MessageBoxImage.Information);
}
else
{
MessageBox.Show($" Username / Password is wrong!","Fail",MessageBoxButton.OK,MessageBoxImage.Error);
}
}
private void RegisterButton_MouseUp(object sender,MouseButtonEventArgs e)
{
string user = UsernameInput.Text;
string password = PasswordInput.Password;
if(注册(用户名,密码))
{
MessageBox.Show($" Account successfully created"," Account created",MessageBoxButton.OK,MessageBoxImage)。信息);
}
else
{
MessageBox.Show($"无法创建帐户","帐户失败",MessageBoxButton.OK,MessageBoxImage.Error);
}
}
您的问题包含以下信息:对我来说没有意义,然后这不是一个PHP论坛。
顺便说一下,我想你可以尝试运行"varname = reader [" fieldname"];"在"reader.Close();"之前在登录功能。
和btw再次,似乎PHP 5.5或更高版本支持"finally" 阻止,所以你不需要写
" ANRGamesConnection 跨度> <跨度> 跨度> <跨度>关闭跨度> <跨度>();"无处不在。跨度>
I have this Login / Register system, but right now this is not secured, because an hacker can take tha DBPassword, Name, etc.
How i can use PHP Files to connect to the MySql, and to get informations from there, like Name or the Status,
My DB:
Code:
private MySqlConnection ANRGamesConnection; private string Server; private string Database; private string UId; private string Password; private void DBConnection() { Server = ""; Database = ""; UId = ""; Password = ""; string connectionString; connectionString = $"SERVER={Server};DATABASE={Database};UID={UId};PASSWORD={Password};"; ANRGamesConnection = new MySqlConnection(connectionString); } public bool Register(string user, string pass) { string userIp = ""; try { userIp = new WebClient().DownloadString("http://icanhazip.com"); } catch { userIp = "0.0.0.0"; } string query = $"INSERT INTO Users (Id, Username, Password, uIP, Status) VALUES ('', '{user}', '{pass}', '{userIp}', '0');"; try { if (OpenConnection()) { MySqlCommand cmd = new MySqlCommand(query, ANRGamesConnection); try { cmd.ExecuteNonQuery(); return true; } catch { return false; } } else { ANRGamesConnection.Close(); return false; } } catch { ANRGamesConnection.Close(); return false; } } public bool Login(string user, string pass) { string query = $"SELECT * FROM Users WHERE Username= '{user}' AND Password= '{pass}');"; try { if (OpenConnection()) { MySqlCommand cmd = new MySqlCommand(query, ANRGamesConnection); MySqlDataReader reader = cmd.ExecuteReader(); if (reader.Read()) { reader.Close(); ANRGamesConnection.Close(); return true; } else { reader.Close(); ANRGamesConnection.Close(); return false; } } else { ANRGamesConnection.Close(); return false; } } catch { ANRGamesConnection.Close(); return false; } } private bool OpenConnection() { try { ANRGamesConnection.Open(); return true; } catch (MySqlException ex) { switch (ex.Number) { case 0: MessageBox.Show("Connection to the server failed!", "ERROR", MessageBoxButton.OK, MessageBoxImage.Error); break; case 1045: MessageBox.Show("Server Username or Password is incorrect!", "ERROR", MessageBoxButton.OK, MessageBoxImage.Error); break; } return false; } } private void LoginButton_MouseUp(object sender, MouseButtonEventArgs e) { string user = UsernameInput.Text; string password = PasswordInput.Password; if (Login(user, password)) { MessageBox.Show($"Welcome {user}!", "Successfully logged in", MessageBoxButton.OK, MessageBoxImage.Information); } else { MessageBox.Show($"Username / Password is incorrect!", "Fail", MessageBoxButton.OK, MessageBoxImage.Error); } } private void RegisterButton_MouseUp(object sender, MouseButtonEventArgs e) { string user = UsernameInput.Text; string password = PasswordInput.Password; if(Register(user, password)) { MessageBox.Show($"Account successfully created", "Account created", MessageBoxButton.OK, MessageBoxImage.Information); } else { MessageBox.Show($"Failed to create the account", "Account failure", MessageBoxButton.OK, MessageBoxImage.Error); } }
Your question contains information that does not make sense to me, and then this is not a PHP forum.
Btw, I think you can try run "varname = reader["fieldname"];" before "reader.Close();" in login function.
And btw again, seems PHP 5.5 or later supports "finally" block too, so you need not write "ANRGamesConnection.Close();" everywhere.
这篇关于我有这个登录/注册系统,我想使用PHP文件。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!