我正在制作一个登录屏幕,在测试代码时,它总是验证错误和正确的输入并进入主屏幕。PHP 的工作原理是它可以判断在数据库中找到了哪些数据。这是代码:
登录 Activity .java
import android.app.Dialog;
import android.app.ProgressDialog;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.AsyncTask;
import android.provider.CalendarContract;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;
import com.android.volley.AuthFailureError;
import com.android.volley.Request;
import com.android.volley.RequestQueue;
import com.android.volley.Response;
import com.android.volley.VolleyError;
import com.android.volley.toolbox.JsonObjectRequest;
import com.android.volley.toolbox.StringRequest;
import com.android.volley.toolbox.Volley;
import org.json.JSONException;
import org.json.JSONObject;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
public class loginDosen extends AppCompatActivity {
EditText txKodeDosen,txPassword;
String KodeDosen,password;
RequestQueue requestQueue;
String loginURL ="http://192.168.43.217/test/DosenPublikasi/loginDosen.php";
StringRequest request;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login_dosen);
txKodeDosen = (EditText)findViewById(R.id.txKodeDosen);
txPassword = (EditText)findViewById(R.id.txPassword);
requestQueue = Volley.newRequestQueue(loginDosen.this);
}
public void Login(View view) {
if(txKodeDosen.getText().toString().equals("") ){
Toast.makeText(this,"Kode Dosen Field is empty",Toast.LENGTH_SHORT).show();
}
else if(txKodeDosen.getText().toString().charAt(0)!='D'){
Toast.makeText(this,"Must have D in the start",Toast.LENGTH_SHORT).show();
}else if(txKodeDosen.length() !=5 ){
Toast.makeText(this,"Must be 5 characters long",Toast.LENGTH_SHORT).show();
}
else if(txPassword.getText().toString().equals("")){
Toast.makeText(this,"Password Field is empty",Toast.LENGTH_SHORT).show();
}
else {
JSONObject Login = new JSONObject();
try {
Login.put("kodeDosen", txKodeDosen.getText().toString());
Login.put("password", txPassword.getText().toString());
} catch (JSONException e) {
e.printStackTrace();
}
JsonObjectRequest jsonobjectrequest = new JsonObjectRequest(Request.Method.POST, loginURL, Login,
new Response.Listener<JSONObject>()
{
@Override
public void onResponse(JSONObject response) {
Toast.makeText(loginDosen.this, response.toString(), Toast.LENGTH_SHORT).show();
SharedPreferences DataDosen = getSharedPreferences("Dosen", Context.MODE_PRIVATE);
SharedPreferences.Editor editor = DataDosen.edit();
editor.putString("kodeDosen", txKodeDosen.getText().toString());
editor.putString("password", txPassword.getText().toString());
editor.commit();
Intent intent = new Intent(loginDosen.this, homepageDosen.class);
startActivity(intent);
}
},
new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Toast.makeText(loginDosen.this, error.toString(), Toast.LENGTH_LONG).show();
}
});
requestQueue.add(jsonobjectrequest);
}
}
public void Back(View view) {
Intent intent = new Intent(loginDosen.this, registrasiDosen.class);
startActivity(intent);
}
这里是 php
<?php
include 'connectdb.php';
$data = json_decode(file_get_contents('php://input'), true);
//print_r($data);
$kodeDosen =$data["kodeDosen"];
$password = $data["password"];
$message = array("message"=>"Data found");
$failure = array("mesage"=>"Data not found");
$sql = "SELECT * FROM tbl_dosen WHERE kodeDosen ='$kodeDosen' and password = '$password'";
//echo $kodeDosen;
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
echo json_encode($message);
}else {
echo json_encode($failure);
}
?>
json 有效,但是当使用登录按钮时,即使输入与数据库中的任何数据不匹配,它也会始终进入下一个屏幕
最佳答案
1.好像你保存了明文密码。这是系统的一个大漏洞。尝试使用password-hashing来保护你的密码。
2.尽量使用prepared statements来防止SQL INJECTION。目前的代码对此是开放的。
3.在Android端检查数据是否来了,然后进行相应的处理。
像下面这样:-
PHP 结束:-
<?php
include 'connectdb.php';
$data = json_decode(file_get_contents('php://input'), true);
$kodeDosen =$data["kodeDosen"];
$password = $data["password"];
$message = array("message"=>"Data found");
$failure = array("mesage"=>"Data not found");
if ($stmt = mysqli_prepare($conn, "SELECT * FROM tbl_dosen WHERE kodeDosen =? and password = ?")) {
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "ss", $kodeDosen,$password);
/* execute query */
mysqli_stmt_execute($stmt);
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) > 0) {
echo json_encode($message);
}else {
echo json_encode($failure);
}
}
?>
Android 端(我不是 android 程序员所以我只给出简单的逻辑):-
@Override
public void onResponse(JSONObject response) {
if(check that message is "data found"){
// if yes then proceed further
}else if(check that message is "Data not found")){
//if yes show some error message and do further process
}
}
关于php - 通过 mysql 进行 JSON Android 登录验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49508713/