PHP登录 - 如果声明执行即使没有匹配
问题描述:
我是PHP新手,我创建了一个登录方法。当我提交的数据,即使该值不匹配“如果”正在执行PHP登录 - 如果声明执行即使没有匹配
声明我的代码:
<?php
// include db configuration
include("./config.php");
// converting data to JSON
$data = json_decode(file_get_contents("php://input"));
//assigning input to variables
$user_name = $data->user_name;
$password = hash('sha256', $data->password);
$tokenUser = hash('sha256', $data->user_name);
//checking username and password
$getUserInfo = $db->query("SELECT user_name FROM user WHERE user_name='$user_name' AND password='$password'");
//getting user information
$getUserInfo = $getUserInfo->fetchAll();
$token;
if (count($getUserInfo == 1))
{
//creating a token for user authentication
$token = $tokenUser . " | " . uniqid() . uniqid() . uniqid();
$q = "UPDATE user SET token=:token WHERE user_name=:user_name AND password=:password";
$query = $db->prepare($q);
$execute = $query->execute(array(
":token" => $token,
":user_name" => $user_name,
":password" => $password
));
$response = array(
'user_name' => $user_name,
'token' => $token,
'access' => 'Granted'
);
echo json_encode($response);
}
else
{
$error = array(
'status' => 'error',
'message' => 'Username or Password is invlid'
);
echo json_encode($error);
}
?>
如何验证这一点,是代码正确的,需要一些澄清
答
这一行:
if (count($getUserInfo == 1))
应当如下:
if (count($getUserInfo) == 1)
+0
那是我犯的一个菜鸟错误:) –
'if(count($ getUserInfo == 1))'应该如下:if(count($ getUserInfo)== 1)' – hassan
@HassanAhmed - 您应该将它作为答案发布。 –
您对用户名和密码进行了哈希处理?为什么?用户名通常不被认为是敏感的。 – GordonM