PHP-MYSQL-检查用户名是否存在的特定用户名的密码 [英] PHP - MYSQL - Check password for a specific username if username exists
问题描述
我已经尝试登录一个项目。我已经通过POST(通过AJAX调用)获得了一个值,我已经检查了输入的用户名是否存在并且到目前为止,它运行良好。但是知道我想检查密码对于该用户名是否有效。这是PHP代码:
I've got a login for a project that I'm trying to figure out. I've got a values by POST (through an AJAX call), I've already checked if the username entered exists and up to there, it works well. But know I want to check if the password is valid for that username. Here's the PHP code:
<?php
//File with the conection data
include_once "../conexion.php";
//Initialization
$user = "";
$password = "";
$errors = "";
$result = "";
$result2 = "";
//Some validations (I've edited a little to make it shorter)
if((isset($_POST['user'])) && (!empty($_POST['user']))){
$user = $_POST['user'];
}else{
$errors .= "blablablah";
}
if((isset($_POST['password'])) && (!empty($_POST['password']))){
$password = $_POST['password'];
}else{
$errors .= "blablabla";
}
//I make the query
$sql = "SELECT user FROM users WHERE user = ?";
//I prepare the query
if($stmt = $con->prepare($sql)){
$stmt->bind_param('s', $user);
$result = $stmt->execute();
}
/* UP TO HERE, if I check that $result is true and echo "User exists" or something like that, IT WORKS, AS THE USER EXISTS */
/* BUT now I want to check the PASSWORD, given that the user exists */
if($result){
//I make the query
$sql2 = "SELECT user, password FROM users WHERE user = ? AND password = ?";
//I prepare the query
if($stmt2 = $con->prepare($sql2)){
$stmt2->bind_param('ss', $user, $password);
$result2 = $stmt2->execute();
if($result2){
echo "ENTERED";
}else{
echo "PASSWORD OR USER INCORRECT";
}
}
}
?>
我在AJAX调用的成功函数中使用这些回显的结果,这是代码为此(表单按钮中有onClick事件(onClick = login()),validationLogin()具有所有字段的有效性->一切正常):
I'm using the result of those echos in the success function in the AJAX call, here's the code for that (there's an onClick event (onClick="login()") in the button of the form, and validationLogin() has all the valitations for the fields --> all that works fine):
function login(){
if(validationLogin()){
$.ajax({
url: "http://localhost/myProject/extras/Login.php",
type: "POST",
data: {"user": user,
"password": password,
},
dataType: "html",
cache: false,
beforeSend: function() {
console.log("Processing...");
},
success:
function(data){
alert(data);
console.log(data);
}
});
}else{
//alert("Incorrect fields");
}
}
这将返回EMPTY,我提醒数据只是为了检查它有什么...警报为空,不明白为什么:/
This returns EMPTY, I alert the data just to check what it has... the alert is empty, don't understand why :/
我已经尝试过这个想法-> PHP mySQL检查用户名和密码是否在数据库中但在那种情况下,它总是说不正确:/
I've tried this idea --> PHP mySQL check if username and password are in the database but in that case it keeps saying that it's incorrect :/
一些注意事项:
- 我知道应该对密码进行加密,以后可能会使用md5。
- 通过使用PHP文件和alert(data)/ console.log(数据)在JS文件中,我只想检查是否可行,以便继续。我知道,也许还有其他方法,更好的方法可以完成所有这些工作,但是我想一点一点地走下去。
- 我实际上是在尝试了解我编写了代码,然后对其进行了改进,我真的很想了解它的功能和作用
- 我想继续使用准备好的语句
- I know that the passwords should be encrypted, will probably use md5 later on.
- By using the echos in the PHP file and the alert(data) / console.log(data) in the JS file, I just want to check if it works, in order to proceed. Perhaps there are other ways, better ways of doing all this, I know, but I like to go little by little
- I'm really trying to understand what I code, then will improve on it, I really want to understand how and why it functions or not
- I would like to continue using prepared statements
预先感谢大家! :)
推荐答案
您应尝试以下操作:
$sql = "SELECT user,password FROM users WHERE user = ?";
//I prepare the query
if($stmt = $con->prepare($sql)){
$stmt->bind_param('s', $user);
$result = $stmt->execute();
if ($result) {
$stmt->bind_result($user_name,$password_db);
} else {
$user_name="";
$password_db="";
}
// Check Password
if ($password==$password_db){
/// PASSWORD IS OK
}
}
现在您在$ user_name中拥有用户,在$ password中拥有密码(如果存在),因此您不需要第二条sql语句。在PHP函数中,您可以使用:
Now you have the user in $user_name and the password in $password (if exists) so you don't need the second sql statement. In the PHP function you can use:
data: {"user": <?php echo $user_name ?>,
"password": <?php echo $password_db ?> ,
},
这篇关于PHP-MYSQL-检查用户名是否存在的特定用户名的密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!