PHP-MYSQL-检查用户名是否存在的特定用户名的密码 [英] PHP - MYSQL - Check password for a specific username if username exists

问题描述

我已经尝试登录一个项目。我已经通过POST（通过AJAX调用）获得了一个值，我已经检查了输入的用户名是否存在并且到目前为止，它运行良好。但是知道我想检查密码对于该用户名是否有效。这是PHP代码：

I've got a login for a project that I'm trying to figure out. I've got a values by POST (through an AJAX call), I've already checked if the username entered exists and up to there, it works well. But know I want to check if the password is valid for that username. Here's the PHP code:

<?php

    //File with the conection data
    include_once "../conexion.php";

    //Initialization
    $user = "";
    $password = "";
    $errors = "";
    $result = "";
    $result2 = "";

    //Some validations (I've edited a little to make it shorter)
    if((isset($_POST['user'])) && (!empty($_POST['user']))){
        $user = $_POST['user'];
    }else{
        $errors .= "blablablah";
    }

    if((isset($_POST['password'])) && (!empty($_POST['password']))){
            $password = $_POST['password'];
        }else{
            $errors .= "blablabla";
        }

    //I make the query
    $sql = "SELECT user FROM users WHERE user = ?";

    //I prepare the query
    if($stmt = $con->prepare($sql)){

         $stmt->bind_param('s', $user);
         $result = $stmt->execute();

    }

    /* UP TO HERE, if I check that $result is true and echo "User exists" or something like that, IT WORKS, AS THE USER EXISTS */

    /* BUT now I want to check the PASSWORD, given that the user exists */

        if($result){

            //I make the query
            $sql2 = "SELECT user, password FROM users WHERE user = ? AND password = ?";

            //I prepare the query
            if($stmt2 = $con->prepare($sql2)){

                $stmt2->bind_param('ss', $user, $password);
                $result2 = $stmt2->execute();


                if($result2){
                    echo "ENTERED";
                }else{
                    echo "PASSWORD OR USER INCORRECT";
                }
            }

        } 

?>

我在AJAX调用的成功函数中使用这些回显的结果，这是代码为此（表单按钮中有onClick事件（onClick = login（）），validationLogin（）具有所有字段的有效性->一切正常）：

I'm using the result of those echos in the success function in the AJAX call, here's the code for that (there's an onClick event (onClick="login()") in the button of the form, and validationLogin() has all the valitations for the fields --> all that works fine):

function login(){

if(validationLogin()){
        $.ajax({

                url: "http://localhost/myProject/extras/Login.php", 
                type: "POST",
                data: {"user": user, 
                       "password": password, 
                       },
                dataType: "html",
                cache: false,
                beforeSend: function() {    
                    console.log("Processing...");
                },
                success: 
                      function(data){

                        alert(data);
                        console.log(data);

                    }

    });

}else{
    //alert("Incorrect fields");
}

}

这将返回EMPTY，我提醒数据只是为了检查它有什么...警报为空，不明白为什么：/

This returns EMPTY, I alert the data just to check what it has... the alert is empty, don't understand why :/

我已经尝试过这个想法-> PHP mySQL检查用户名和密码是否在数据库中但在那种情况下，它总是说不正确：/

I've tried this idea --> PHP mySQL check if username and password are in the database but in that case it keeps saying that it's incorrect :/

一些注意事项：

• 我知道应该对密码进行加密，以后可能会使用md5。


• 通过使用PHP文件和alert（data）/ console.log（数据）在JS文件中，我只想检查是否可行，以便继续。我知道，也许还有其他方法，更好的方法可以完成所有这些工作，但是我想一点一点地走下去。


• 我实际上是在尝试了解我编写了代码，然后对其进行了改进，我真的很想了解它的功能和作用


• 我想继续使用准备好的语句

• I know that the passwords should be encrypted, will probably use md5 later on.
• By using the echos in the PHP file and the alert(data) / console.log(data) in the JS file, I just want to check if it works, in order to proceed. Perhaps there are other ways, better ways of doing all this, I know, but I like to go little by little
• I'm really trying to understand what I code, then will improve on it, I really want to understand how and why it functions or not
• I would like to continue using prepared statements

预先感谢大家！ ：）

推荐答案

您应尝试以下操作：

$sql = "SELECT user,password FROM users WHERE user = ?";

//I prepare the query
if($stmt = $con->prepare($sql)){

     $stmt->bind_param('s', $user);
     $result = $stmt->execute();
     if ($result) {
         $stmt->bind_result($user_name,$password_db);    
     } else {
         $user_name="";
         $password_db="";
     }
    // Check Password
    if ($password==$password_db){
        /// PASSWORD IS OK
    }
}

现在您在$ user_name中拥有用户，在$ password中拥有密码（如果存在），因此您不需要第二条sql语句。在PHP函数中，您可以使用：

Now you have the user in $user_name and the password in $password (if exists) so you don't need the second sql statement. In the PHP function you can use:

    data: {"user": <?php echo $user_name ?>, 
           "password": <?php echo $password_db ?> , 
           },

这篇关于PHP-MYSQL-检查用户名是否存在的特定用户名的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！