在一个登录表单上登录到两个不同的区域
login into two different areas on one login form
我试图让用户根据条件登录到一个登录表单上的两个不同区域。我遇到的问题是,如果提供了正确的密码,一切正常,但是当提供错误的密码时,什么也没有发生,它甚至不回显密码错误警报!可能有什么问题,我的代码可以吗?
谢谢
if(isset($_POST['login'])){
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = $username;
$password = $password;
//$pass = md5($password);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1){
echo 'INVALID USERNAME OR PASSWORD';
}else{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if(strcmp($status, $status1) == 0){
header("location: completed/index.php");
exit();
}elseif(strcmp($status, $status2) == 0){
header("location: uncompleted/index.php");
exit();
}else{
echo 'INVALID USERNAME OR PASSWORD';
}
}
}
}
我认为问题在于您没有处理 if 语句中 password_verify($password, $hash) returns false 的条件。我在下面进行了处理:
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = $username;
$password = $password;
//$pass = md5($password);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount() < 1) {
echo 'INVALID USERNAME OR PASSWORD';
} else {
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if (strcmp($status, $status1) == 0) {
header("location: completed/index.php");
exit();
} elseif (strcmp($status, $status2) == 0) {
header("location: uncompleted/index.php");
exit();
} else {
echo 'INVALID USERNAME OR PASSWORD';
}
} else {
// handle wrong password here
echo 'INVALID PASSWORD';
}
}
}
希望对您有所帮助。
问题是我的 else 放错了地方。我在 if/elseif strcmp 语句之后得到了它。它应该在 if (password_verify($password, $hash)) 块之后。
它是从 phpfreak 论坛上注意到的。归功于他
因此正确的代码:
if(isset($_POST['login']))
{
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1)
{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD</div></p>';
}
else
{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash))
{
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if(strcmp($status, $status1) == 0)
{
header("location: completed/index.php");
exit();
}
elseif(strcmp($status, $status2) == 0)
{
header("location: uncompleted/index.php");
exit();
}
}
else
{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD again</div></p>';
}
}
}
我试图让用户根据条件登录到一个登录表单上的两个不同区域。我遇到的问题是,如果提供了正确的密码,一切正常,但是当提供错误的密码时,什么也没有发生,它甚至不回显密码错误警报!可能有什么问题,我的代码可以吗?
谢谢
if(isset($_POST['login'])){
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = $username;
$password = $password;
//$pass = md5($password);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1){
echo 'INVALID USERNAME OR PASSWORD';
}else{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if(strcmp($status, $status1) == 0){
header("location: completed/index.php");
exit();
}elseif(strcmp($status, $status2) == 0){
header("location: uncompleted/index.php");
exit();
}else{
echo 'INVALID USERNAME OR PASSWORD';
}
}
}
}
我认为问题在于您没有处理 if 语句中 password_verify($password, $hash) returns false 的条件。我在下面进行了处理:
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = $username;
$password = $password;
//$pass = md5($password);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount() < 1) {
echo 'INVALID USERNAME OR PASSWORD';
} else {
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if (strcmp($status, $status1) == 0) {
header("location: completed/index.php");
exit();
} elseif (strcmp($status, $status2) == 0) {
header("location: uncompleted/index.php");
exit();
} else {
echo 'INVALID USERNAME OR PASSWORD';
}
} else {
// handle wrong password here
echo 'INVALID PASSWORD';
}
}
}
希望对您有所帮助。
问题是我的 else 放错了地方。我在 if/elseif strcmp 语句之后得到了它。它应该在 if (password_verify($password, $hash)) 块之后。
它是从 phpfreak 论坛上注意到的。归功于他 因此正确的代码:
if(isset($_POST['login']))
{
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1)
{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD</div></p>';
}
else
{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash))
{
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if(strcmp($status, $status1) == 0)
{
header("location: completed/index.php");
exit();
}
elseif(strcmp($status, $status2) == 0)
{
header("location: uncompleted/index.php");
exit();
}
}
else
{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD again</div></p>';
}
}
}