我正在建立一个具有注册和登录表格的新网站。作为初学者,我使用的大部分代码都是在网上和书籍中找到的。我已经完成了注册表单,并且可以正常运行,但是现在我遇到了登录表单的问题,因为我可以找到的所有代码都基于哈希密码,而我必须构建的登录表单不需要它。您能帮我将我现在拥有的脚本转换成无需任何密码即可工作的脚本吗(代替密码,它只需要6个数字且不会被散列)。
我尝试过check_login,但是没有用。
$sql = "SELECT id, email, pin FROM users WHERE email = ?";
if($stmt = $mysqli->prepare($sql)){
// Bind variables to the prepared statement as parameters
$stmt->bind_param("s", $param_email);
// Set parameters
$param_email = $email;
// Attempt to execute the prepared statement
if($stmt->execute()){
// Store result
$stmt->store_result();
// Check if username exists, if yes then verify password
if($stmt->num_rows == 1){
// Bind result variables
$stmt->bind_result($id, $username, $numerpin);
if($stmt->fetch()){
if($stmt->num_rows == 1){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["email"] = $email;
// Redirect user to welcome page
header("location: dashboard.php");
} else{
// Display an error message if password is not valid
$numerpin_err = "The password you entered was not valid.";
}
}
} else{
// Display an error message if username doesn't exist
$email_err = "No account found with that username.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
您有此查询:
"SELECT id, email, pin FROM users WHERE email = ?"
您正在检查电子邮件是否正确。您可以将其更改为
"SELECT id, email, pin FROM users WHERE email = ? and pin = ?"
当然也要通过别针。另外,您的错误消息具有误导性:
if($stmt->num_rows == 1){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["email"] = $email;
// Redirect user to welcome page
header("location: dashboard.php");
} else{
// Display an error message if password is not valid
$numerpin_err = "The password you entered was not valid.";
}
如果具有相同电子邮件的多个记录会怎样?在这种情况下,它会说密码不正确,而不检查其实际值。通过电子邮件获取记录并固定图钉,循环结果以及找到匹配项然后创建会话会更加可靠。如果没有匹配项,则错误。