最受欢迎

PHP使用index.PHP中包含的login.PHP的用户登录验证不起作用

PHP User login validation using login.php included in index.php not working

本文关键字:PHP 登录 验证 不起作用 用户 login 包含 使用 index | 更新日期: 2023-09-27

我有login.php,包括登录类和用于处理的登录。我将login.php包含在index.php 中

无法理解为什么验证不起作用,以下是代码:

login.php

<?php 
include_once('Database.php');
class login extends Database{
    protected $_db;
    public $_error;
    public $_password;
    public $_email;
    public function __construct(){
        $this->_db = new Database('localhost','root','','kupon') or $this->_error = 'Could not connect to database';
    }
    public function validate($email, $password){
        $query = $this->_db->query("SELECT * FROM users WHERE email='$this->_email' AND password ='$this->_password'");
        $rows = $this->_db->numrows();
        if($rows == 1){
            $result = mysql_fetch_assoc($query);
            if ($results['email'] == $email && $results['password'] == $password);
                return true;
        } else{
            $this->_error =  '<p> User Does not exists</p>';
        }
    }
}
$login = new login();

if (isset($_POST['email']) && isset($_POST['password'])){
    $email = $_POST['email'];
    $password = $_POST['password'];
    if($login->validate($email, $password))
        echo 'your in';
}
?>
                <form action="index.php" method="post" class="form">
                    <p class="email">
                        <input type="text" name="email" /> :דואר אלקטרוני</br>
                    </p>
                    <p class="password">
                        <input type="password" name="password" /> :סיסמא</br>
                    </p>
                    <p class="submit">  
                        <input type="submit" value="היכנס" />  
                    </p>  
                </form>

我只是把它包含在index.php 中

            <?php
                include_once ('php/ooplogin.php');
            ?>

我在这里错过了什么?

您在此处验证用户:

$query = $this->_db->query("SELECT * FROM users WHERE email='$this->_email' AND password ='$this->_password'");

而你们正试图在这里做完全相同的事情:

  if ($results['email'] == $email && $results['password'] == $password);
                return true;

你的功能应该是这样的:

 public function validate($email, $password){
        // you should escape $email and $password to prevent SQL injection!!!
        $query = $this->_db->query("SELECT * FROM users WHERE email='$email' AND passwoird='$password'");
        $rows = $this->_db->numrows();
        return !!$rows;
  }

你在那里有安全问题。请阅读这篇文章:

  • 如何防止PHP中的SQL注入

我不知道你在这里尝试什么样的语言:

class login extends Database{
public function __construct(){
     $this->_db = new Database(...

如果您扩展Database类,为什么不:

class login extends Database{
  public function __construct() {
    parent::__construct('localhost','root','','kupon') or $this->_error = 'Could not connect to database';
  }
  public function foobar() {
     $query = $this->query("SELECT * FROM foo");
  }
相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习