提问人:CoreIce 提问时间:10/11/2020 更新时间:10/13/2020 访问量:78
无法将提取的行项保存到会话中 [已关闭]
Can't save fetched row item into a Session [closed]
问:
我尝试将用户名保存到管理员登录时调用的会话中。在我的本地主机上,它工作正常,但在服务器上却没有。我还测试了 SESSIONS 是否可以在一般情况下保存并且它是否可以正常工作,即使在多个站点上也是如此。此外,它工作正常,我可以在服务器的其他站点上访问它。$_SESSION['Username']$_SESSION['example']
and 也不会被保存,所以我想它甚至没有到达 if 语句。
我测试的密码也是正确的。$_SESSION['test1']$_SESSION['test2']
<?php
session_start();
/*if (isset($_SESSION["Username"])) {
header('location: dndStill.php');
exit;
}
*/?>
<!DOCTYPE html>
<html>
<head>
<title>Anmelden</title>
<link rel="stylesheet" type="text/css" href="css/galleryLogin.css">
</head>
<body>
<div class="loginAll">
<form action="loginGallery.php" method="post" class="loginForm">
<div class="loginFeld">
<input type="text" name="username" placeholder="Nutzername" required>
</div>
<div class="loginFeld">
<input type="password" name="password" placeholder="Passwort" required>
</div>
<div class="input-group">
<button type="submit" class="login" name="submit">Login</button>
</div>
</form>
</div>
<?php
if (isset($_POST["submit"])) {
require_once "dbconnect_simple.php";
$username = ($_POST['username']);
$password = ($_POST['password']);
$password = md5($password);
$query = "SELECT * FROM nutzer WHERE nutzername= ? AND passwort= ? LIMIT 1";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$result = $stmt->get_result();
if (mysqli_num_rows($result) == 1) {
while($row = $result->fetch_array()) {
if ($password === $row["passwort"]) {
$_SESSION["Username"] = $row["nutzername"];
//header("Location: dndFood.php");
} else {
echo'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 1'] = "Fehler1";
}
}
} else {
echo 'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 2'] = "Fehler2";
}
}
?>
<?php '<pre>' ;
$_SESSION['example'] = "example";
print_r($_SESSION);
'</pre>';
?>
</body>
</html>
答:
-1赞
Paulos Ab
10/11/2020
#1
您的密码验证码不正确,更正见下文:
不要在 SQL 查询中检查密码,只检查数据库中的用户名、电子邮件或全名: 更正了 SQL:
$query = "SELECT * FROM nutzer WHERE nutzername= ? LIMIT 1";
从:
$result = $stmt->get_result();
if (mysqli_num_rows($result) == 1) {
while($row = $result->fetch_array()) {
if ($password === $row["passwort"]) {
$_SESSION["Username"] = $row["nutzername"];
//header("Location: dndFood.php");
} else {
echo'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 1'] = "Fehler1";
}
}
}
更正为:
$query = "SELECT * FROM nutzer WHERE nutzername= ? LIMIT 1";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$fetch_assoc = mysqli_fetch_assoc($result);
if (mysqli_num_rows($result) > 0) {
$verify_password = password_verify($password_from_post_request, $fetch_assoc["password_field_in_the_database"]);
if ($verify_password) {
$_SESSION["Username"] = $fetch_assoc["nutzername"];
//header("Location: dndFood.php");
} else {
echo'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 1'] = "Fehler1";
}
} else {
echo'Sorry, your account could not be found';
$_SESSION['Fehler 1'] = "Fehler1";
}
用过程化 PHP 编写的代码:
$query = "SELECT * FROM nutzer WHERE nutzername=? LIMIT 1";
$stmt = mysqli_stmt_init($connection);
mysqli_prepare($stmt, $query);
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result_set = mysqli_stmt_get_result($stmt);
$fetch_assoc = mysqli_fetch_assoc($result_set);
if (mysqli_num_rows($result_set) > 0) {
$verify_password = password_verify($password_from_post_request, $fetch_assoc["password_field_in_the_database"]);
if ($verify_password) {
$_SESSION["Username"] = $fetch_assoc["nutzername"];
//header("Location: dndFood.php");
} else {
echo 'Falsches Passwort oder Nutzername';
$_SESSION['Fehler 1'] = "Fehler1";
}
} else {
echo 'Sorry, your account could not be found';
$_SESSION['Fehler 1'] = "Fehler1";
}
password verify 是 PHP 函数,用于与数据库中的密码验证密码,它将对传入的用户密码进行哈希处理,并将其与数据库中已散列的密码进行比较,但请确保在将密码保存到数据库中之前使用 password_hash 对密码进行哈希处理
评论
0赞
Samuel Liew
10/12/2020
评论不用于扩展讨论;此对话已移至 Chat。
上一个:其他会话工作时不显示会话消息
评论
password_verify()进行验证。看看这篇文章: 如何使用password_hash 并了解有关 PHP 中的 bcrypt 和密码哈希的更多信息