Login system with mysqli
Problem description
I would like to get some clear information or a reply on how to solve the next issue.
Currently I use a MySQL connection, but now I want to move onto MySQLi. I don't want to use PDO, so please do not prefer it.
The new mysqli code is this, but it's not working; also I think I used a bit too much else, which is not needed.
<?php
include('includes/functions.php');
session_start();
if(isset($_POST['login'])) {
    if(isset($_POST['username'])) {
        if(isset($_POST['password'])) {
            $username = $_POST['username'];
            mysqli_query($query, "SELECT * FROM cm_users WHERE Username = '$username'") or die(mysql_error());
            foreach ($query as $user)
                if(sha3($_POST['password'],256) == $user['Password']) {
                    $_SESSION['user'] = $user['Username'];
                    if(isset($_POST['g-recaptcha-response'])){
                        $captcha=$_POST['g-recaptcha-response'];
                    }
                    if(!$captcha){
                        header("Location: login.php");
                        echo "<button class='btn btn-block btn-warning btn-sm'>Please check your login details.</button>";
                        exit;
                    }
                    $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=******&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
                    if($response.success==false)
                    {
                        echo '<h2>You are spammer ! Get the @$%K out</h2>';
                    } else {
                        echo '<h2>Thanks for posting comment.</h2>';
                    }
                    header("Location: redirect.php");
                } else {
                    echo "<button class='btn btn-block btn-warning btn-sm'>Please check your login details.</button>";
                    include('login.php');
                }
        } else {
            echo "<button class='btn btn-block btn-warning btn-sm'>Please check that you filled out the login form!</button>";
            include('login.php');
        }
    }
}
?>
Any idea how to fix the issue to get it to work?
Recommended answer
Making this as a wiki - I have nothing to gain from this, but more for the OP and future visitors to the question.
Pulled from comments and slightly modified:
Firstly, you're still mixing APIs using mysql_error() where it should read as mysqli_error($query), assuming that $query is your connection variable used in your connection code.
Then this is failing you: foreach ($query as $user), because there is nothing assigned to $query (for the query), as you are checking a foreach against your db connection's variable and that alone should have thrown you an error, had you used the right error function.
Being mysqli_error($query), where that function requires a database connection as a parameter.
Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.
As suggested, use one of ircmaxell's answers and use a better hashing/query function.
Pulled from his answer:
Just use a library. Seriously. They exist for a reason.
- PHP 5.5+: use password_hash()
- PHP 5.3.7+: use password-compat (a compatibility pack for the above)
- All others: use phpass
Don't do it yourself. If you're creating your own salt, YOU'RE DOING IT WRONG. You should be using a library that handles that for you.
$dbh = new PDO(...);
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$hash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $dbh->prepare("insert into users set username=?, email=?, password=?");
$stmt->execute([$username, $email, $hash]);
And on login:
$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $dbh->prepare($sql);
$stmt->execute([$_POST['username']]); // execute() returns a bool, so fetch from the statement
$users = $stmt->fetchAll(PDO::FETCH_OBJ); // fetch rows as objects so ->password works below
if (isset($users[0])) {
    if (password_verify($_POST['password'], $users[0]->password)) {
        // valid login
    } else {
        // invalid password
    }
} else {
    // invalid username
}
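The answer's advice applied to the asker's mysqli code, as an added example that is not part of the original question or answer: a prepared statement against the question's cm_users table plus password_verify(). The connection credentials are placeholders, attempt_login() is a hypothetical helper name, and the Password column is assumed to hold password_hash() output.

```php
<?php
// Added example (not from the original post). Assumptions: the connection
// credentials are placeholders, and cm_users.Password stores password_hash() output.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

// Hypothetical helper: returns the stored Username on success, null on any failure.
function attempt_login(mysqli $db, string $username, string $password): ?string
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT Username, Password FROM cm_users WHERE Username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedName, $storedHash);
    $found = $stmt->fetch() === true;   // fetch() returns null when there is no row
    $stmt->close();

    if (!$found || !password_verify($password, (string) $storedHash)) {
        return null;                    // same result for unknown user and wrong password
    }
    return $storedName;
}

$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;

if (is_string($username) && is_string($password)) {
    session_start();
    try {
        $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
        $db->set_charset('utf8mb4');
        $user = attempt_login($db, $username, $password);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());    // log details server-side, never echo them
        $user = null;
    }

    if ($user !== null) {
        session_regenerate_id(true);    // new session ID after authentication
        $_SESSION['user'] = $user;
        header('Location: redirect.php');
        exit;
    }
    echo "<button class='btn btn-block btn-warning btn-sm'>Please check your login details.</button>";
}
```

Here the first argument to mysqli_error() and mysqli_query() would be $db, the connection object, and the statement object (not the connection) is what rows are fetched from.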