php - 使用 PHP 和 MYSQL 创建登录脚本

Question

我正在尝试在我的托管网页上创建一个简单的登录系统。我有一个使用 phpMyAdmin 创建的 MySQL 数据库和表。数据库、HTML 和 PHP 文件托管在同一台服务器上。我能够添加用户，帐户信息出现在表中。问题在于登录。我总是收到“登录失败错误”。我用过的教程是located here .我检查并重新检查了错误输入，我认为这不是问题所在。我认为该问题与 fetchColumn() 命令有关。根据我的研究，这个命令抓取下一行，这对我来说没有意义，因为用户名、密码和用户 ID 都位于同一行，只是不同的列。

这是用户提交信息的表单，然后调用登录脚本。下面的代码中有两种形式；第一种形式在这个问题中很重要。

    <?php

/*** begin our session ***/
session_start();

/*** set a form token ***/
$form_token = md5( uniqid('auth', true) );

/*** set the session form token ***/
$_SESSION['form_token'] = $form_token;
?>

<html>
<head>
<title>Log In Page</title>
<link rel="stylesheet" type="text/css" href="formstyle.css">
</head>

<header>
Log In Page
</header>

<body>
<h2>Log In</h2>
<form action="login_submit.php" method="post">
<fieldset id="forms" >
<p>
<label for="username">Username</label>
<input type="text" id="username" name="username" value="" maxlength="20"/>
</p>
<p>
<label for="password">Password</label>
<input type="text" id="password" name="password" value="" maxlength="20"/>
</p>
<p>
<input type="submit" value="Login"/>
</p>
</fieldset>
</form>

<h2>Create Account</h2>
<form action="adduser_submit.php" method="post">
<fieldset id="forms" >
<p>
<label for="username">Username</label>
<input type="text" id="username" name="username" value="" maxlength="20"/>
</p>
<p>
<label for="password">Password</label>
<input type="text" id="password" name="password" value="" maxlength="20"/>
</p>
<p>
<input type="hidden" name="form_token" value="<?php echo $form_token; ?>" />
<input type="submit" value="Sign Up"/>
</p>
</fieldset>
</form>
</body>
</html>

这是 login_submit 脚本。

        <?php

    /*** begin our session ***/
    session_start();

    /*** check if the user is already logged in ***/
    if(isset( $_SESSION['userID'] ))
    {
        $message = 'User is already logged in';
    }
    /*** check that both the username and password have been submitted ***/
    if(!isset( $_POST['username'], $_POST['password']))
    {
        $message = 'Please enter a valid username and password';
    }
    /*** check the username is the correct length ***/
    elseif (strlen( $_POST['username']) > 20 || strlen($_POST['username']) < 4)
    {
        $message = 'Incorrect Length for Username';
    } `enter code here`
    /*** check the password is the correct length ***/
    elseif (strlen( $_POST['password']) > 20 || strlen($_POST['password']) < 4)
    {
        $message = 'Incorrect Length for Password';
    }
    /*** check the username has only alpha numeric characters ***/
    elseif (ctype_alnum($_POST['username']) != true)
    {
        /*** if there is no match ***/
        $message = "Username must be alpha numeric";
    }
    else
    {
        /*** if we are here the data is valid and we can insert it into database ***/
        $username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
        $password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

        /*** now we can encrypt the password ***/
        $password = sha1( $password );

        /*** connect to database ***/
        /*** mysql hostname ***/
        $mysql_hostname = 'localhost';

        /*** mysql username ***/
        $mysql_username = 'neticl5';

        /*** mysql password ***/
        $mysql_password = 'corrupted707';

        /*** database name ***/
        $mysql_dbname = 'neticl5_apptest';

        try
        {
            $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
            /*** $message = a message saying we have connected ***/

            /*** set the error mode to excptions ***/
            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            /*** prepare the select statement ***/
            $stmt = $dbh->prepare('SELECT userID, username, password FROM useraccounts 
                        WHERE username = :username AND password = :password');

            /*** bind the parameters ***/
            $stmt->bindParam(':username', $username, PDO::PARAM_STR);
            $stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);

            /*** execute the prepared statement ***/
            $stmt->execute();

            /*** check for a result ***/
            $userID = $stmt->fetchColumn();

        /*** if we have no result then fail boat ***/
            if($userID == false)
            {
                    $message = 'Login Failed';
            }
        /*** if we do have a result, all is well ***/
            else
            {
                    /*** set the session user_id variable ***/
                    $_SESSION['userID'] = $userID;

                    /*** tell the user we are logged in ***/
                    $message = 'You are now logged in';
            }
        }
        catch(Exception $e)
        {
            /*** if we are here, something has gone wrong with the database ***/
            $message = 'We are unable to process your request. Please try again later';
        }
    }
    ?>

<html>
<head>
<title>Log In</title>
</head>
<body>
<p><?php echo $message; ?></p>
</body>
</html>

Answer 1

我已经回答了我自己的问题。数据库中的密码字段未设置为正确的长度。用户字段要求最大为 20。数据库中的字段需要设置为正确的加密限制。