PHP MYSQLI准备语句登录并检查用户状态 [英] PHP MYSQLI prepared statements login and check the user status

查看:77
本文介绍了PHP MYSQLI准备语句登录并检查用户状态的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在学习制作一些基于mysqli的视频教程的网站.我知道使用准备好的语句更安全,并且我正在尝试创建一个登录系统.这是我到目前为止所做的.

I am learning to make website with some video tutorials based on mysqli. I came to know that using prepared statements are more secure and I am trying to create a login system. Here is what I have done so far.

此代码可帮助我完全登录成功.

This code helps me login success fully. 

<form action ="" method="post">

User Name:<br/>
<input type='text' name='username' />
<br/><br/>
Password:<br/>
<input type='password' name='password' />
<br/><br/>
<input type='submit' name='submit' value='login'>
</form>
<?php

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $stmt = $con->prepare("SELECT username, password FROM users WHERE username=? AND  password=? LIMIT 1");
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->bind_result($username, $password);
    $stmt->store_result();
    if($stmt->num_rows == 1)  //To check if the row exists
        {
            while($stmt->fetch()) //fetching the contents of the row

              {$_SESSION['Logged'] = 1;
               $_SESSION['username'] = $username;
               echo 'Success!';
               exit();
               }
        }
        else {
            echo "INVALID USERNAME/PASSWORD Combination!";
        }
        $stmt->close();
    }
    else 
    {   

    }
    $con->close();
?>

但是我还需要检查用户是否尚未激活或已被禁止或停用.所以我做了另一个代码.

But I also need to check if the user have not activated or have been banned or deactivated. So I made another code.

这是我编写的代码

<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$stmt = $con->prepare("SELECT username, password FROM users WHERE username=? AND    password=? LIMIT 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
if($stmt->num_rows == 1)  //To check if the row exists
  {
 $result=$con->query($stmt);
            $row=$result->fetch_array(MYSQLI_ASSOC);
            $user_id= $row['user_id'];
            $status = $row['status'];
            if($status=='d'){
                echo "YOUR account has been DEACTIVATED.";
            }else{
                $_SESSION['Logged'] = 1;
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $username;
                echo 'Success!';
               exit();
            }
        }
        else {
            echo "INVALID USERNAME/PASSWORD Combination!";
        }
        $stmt->free_result();
        $stmt->close();

    }
    else 
    {   

    }
 $con->close();
 ?>

使用此工具时,出现以下错误

When I use this I get the following errors

警告:mysqli :: query()期望参数1为字符串,第33行的F:\ XAMPP \ htdocs \ login \ login.php中给出的对象

Warning: mysqli::query() expects parameter 1 to be string, object given in F:\XAMPP\htdocs\login\login.php on line 33

致命错误:在第34行的F:\ XAMPP \ htdocs \ login \ login.php中的非对象上调用成员函数fetch_array()

Fatal error: Call to a member function fetch_array() on a non-object in F:\XAMPP\htdocs\login\login.php on line 34

我有数据库表列

user_id, 用户名, 密码(md5), user_level, 状态.

user_id, username, password (md5), user_level, status.

在user_level下,我有以下内容

Under user_level I have the following

a = admin
m = member

状态

a = activated
n = not activated
d = deactivated
b = banned

登录时,我需要检查用户状态以及是否已激活(应将其移动到索引页),或者如果它是d,则应显示该用户已被停用,对于其他用户也是如此.

While logging in I need to check if the user status and if it is activated it should move to index page or if it is d it should show the user has been deactivated and likewise for others.

如何在准备好的语句中做到这一点?

How to do it in prepared statements?

我在所有页面中都有这个connect.php

And I have this connect.php in all page

?php
//error_reporting(0);
'session_start';
$con = new mysqli('localhost', 'username', 'password', 'database');
if($con->connect_errno > 0){
die('Sorry, We\'re experiencing some connection problems.');
}
?>

推荐答案

我认为您需要研究mysqli_的工作方式.这应该使您朝着正确的方向前进.

I think you need to take a look into how mysqli_ works. This should get you in the right direction.

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $user_id = 0;
    $status = ""

    $stmt = $con->prepare("SELECT user_id, username, password, status FROM users WHERE username=? AND password=? LIMIT 1");
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->bind_result($user_id, $username, $password, $status);
    $stmt->store_result();
    if($stmt->num_rows == 1)  //To check if the row exists
        {
            if($stmt->fetch()) //fetching the contents of the row
            {
               if ($status == 'd') {
                   echo "YOUR account has been DEACTIVATED.";
                   exit();
               } else {
                   $_SESSION['Logged'] = 1;
                   $_SESSION['user_id'] = $user_id;
                   $_SESSION['username'] = $username;
                   echo 'Success!';
                   exit();
               }
           }

    }
    else {
        echo "INVALID USERNAME/PASSWORD Combination!";
    }
    $stmt->close();
}
else 
{   

}
$con->close();

这篇关于PHP MYSQLI准备语句登录并检查用户状态的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆