如何验证PHP随机生成的引脚和串行登录

Question

我是PHP新手。

我正在开发一个网站，可以让家长在线查看他们孩子的学校终端结果。我已经能够创建一个查询并显示结果的脚本。一切工作正常。但是我的大问题是我希望他们从学校购买结果PIN码和序列号。这是一套PIN和串口只有一个入场号 工作流程是，当学生输入他们的录取号码时，它会检查学生表，如果录取号存在，则输入密码和序列号，如果卡表中存在正确的引脚和序列，它将更新名为stureg的卡片表格行，并将其输入到显示结果可见的仪表板中。现在 的大问题是，该随机产生的数字（PIN和SERIAL）不会从第二行具有2

ID验证这些是脚本：

PIN GENERATOR PAGE

<?php 

if (isset($_POST['ActionAxeIsGood']) && $_POST['ActionAxeIsGood'] == "txtLoginCNumberMaxText") { // checks form values 

    include "php/Dbfile.php"; 

    $student_reg = $_POST['txtMatricNumber']; 
    $CardPin  = $_POST['txtCardPin']; 
    $CardSerial = $_POST['txtCardSerial']; 
    //$student_password = $_POST['password']; 
    $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR')); 
    $r = preg_replace('#[^A-Z0-9\'/\'\'-\']#', '', $student_reg); 
    $p = preg_replace('#[^0-9]#', '', $CardPin); 
    $s = preg_replace('#[^0-9]#', '', $CardSerial); 

    $errors = array(); 
    $msg = ''; 

    if ($r == "") { 
     $msg = '<p style="color: maroon;">Enter Matric No.</p>'; 
    } 
    if ($p == "") { 
     $msg = '<p style="color: maroon;">Enter Pin</p>'; 
    } 
    if ($s == "") { 
     $msg = '<p style="color: maroon;">Enter Serial</p>'; 
    } 

    if (!empty($errors)) { 
     // if there are errors, print them out as a list 
     $msg = '<p>Please correct the following errors:</p>'; 
     $msg .= '<ul>'; 

     foreach ($errors as $key => $value) { 
      $msg .= '<li>' . $value . '</li>'; 
     } 
     $msg .= '</ul>'; 

    } else { // if no errors then go on 

     $sql_student = "SELECT id, firstname, reg FROM students WHERE reg='$r' AND activated='1' LIMIT 1 "; 
     $student_query = mysqli_query($DBconn, $sql_student); 
     $student_row = mysqli_fetch_row($student_query); 

     $log_id = $student_row[0]; 
     $log_name = $student_row[1]; 
     $log_reg = $student_row[2]; 

     //check if Card Serial n Pin Exists 
     $sqlc   = "SELECT id FROM card "; 
     $CardSerial_c = mysqli_query($DBconn, $sqlc); 
     $Cardrowc  = mysqli_fetch_row($CardSerial_c); 
     $DB_Id  = $Cardrowc[0]; 


     $sql   = "SELECT pin, serialme FROM card WHERE id='" . $DB_Id . "' LIMIT 1"; 
     $CardSerial_q = mysqli_query($DBconn, $sql); 
     $Cardrow  = mysqli_fetch_row($CardSerial_q); 
     $DB_Pin  = $Cardrow[0]; 
     $DB_Serial = $Cardrow[1]; 

     if ($r == $log_reg) { 

      if ($p == $DB_Pin && $s == $DB_Serial) { 

       header("location: student/dashboard.php?q=$log_name"); 

      } else { 
       echo "string"; 
      } 

     } else { 
      echo "No"; 
     } 

    } 
} 

?> 

<form id="login_form" method="post"> 
    <div id="FillHolder"> 
    <div id="txt-container"> 
     <div id="signIn"> 
     <strong>Check Result</strong> 
     </div> 
     <div class="formholder"> 
     <input id="txtMatricNumber" class="textinput" type="text" placeholder="Registration Number/Matric No" name="txtMatricNumber" > 
     </div> 
     <div class="formholder"> 
     <input id="txtMatricNumber" class="textinput" type="text" placeholder="Card Pin" name="txtCardPin" > 
     </div> 
     <div class="formholder"> 
     <input id="txtMatricNumber" class="textinput" type="password" placeholder="Card Serial" name="txtCardSerial" > 
     </div> 
     <div class="formholder"> 
     <input name="ActionAxeIsGood" type="hidden" id="bLogin" value="txtLoginCNumberMaxText" /> 
     <button id="bLogin" class="submitbtn" type="submit">Check Result</button> 
     </div> 
    </div> 
    </div> 
</form> 

Answer 1

我解决它通过使卡表的ID从1333242663到AUTO_INCREMENT然后我用它作为卡片引脚，而php rand（）生成的代码用作卡片序列号。现在它工作正常。

<?php 

      if (isset($_POST['ActionAxeIsGood']) && $_POST['ActionAxeIsGood'] == "txtLoginCNumberMaxText") {// checks form values 

      include "php/Dbfile.php"; 

       $student_reg = $_POST['txtMatricNumber']; 
       $CardPin = $_POST['txtCardPin']; 
       $CardSerial = $_POST['txtCardSerial']; 
       //$student_password = $_POST['password']; 
       $ip = preg_replace('#[^0-9.]#', '',getenv('REMOTE_ADDR')); 


       $r = preg_replace('#[^A-Z0-9\'/\'\'-\']#', '',$student_reg); 
       $p = preg_replace('#[^0-9]#', '',$CardPin); 
       $s = preg_replace('#[^0-9]#', '',$CardSerial); 





        $errors = array(); 
        $msg = ''; 


        if ($r == "") { 
         $msg = '<p style="color: maroon;">Enter Matric No.</p>'; 

        }if ($p == "") { 
         $msg = '<p style="color: maroon;">Enter Pin</p>'; 

        }if ($s == "") { 
         $msg = '<p style="color: maroon;">Enter Serial</p>'; 

        } 



        if(!empty($errors)) { 
        // if there are errors, print them out as a list 
        $msg = '<p>Please correct the following errors:</p>'; 

        $msg .= '<ul>'; 

        foreach ($errors as $key => $value) { 
         $msg .= '<li>' . $value . '</li>'; 
        } 
        $msg .= '</ul>'; 


        }else {// if no errors then go on 


        $sql_student = "SELECT id, firstname, reg FROM students WHERE reg='$r' AND activated='1' LIMIT 1 "; 
        $student_query = mysqli_query($DBconn, $sql_student); 
        $student_row = mysqli_fetch_row($student_query); 

        $log_id = $student_row[0]; 
        $log_name = $student_row[1]; 
        $log_reg = $student_row[2]; 




        $sql = "SELECT serialme FROM card WHERE id='".$p."' LIMIT 1"; 
        $CardSerial_q = mysqli_query($DBconn, $sql); 
        $Cardrow = mysqli_fetch_row($CardSerial_q); 
        $DB_Serial = $Cardrow[0]; 

        if ($r == $log_reg) { 

         if ($s == $DB_Serial) { 

        $_SESSION['student_id'] = $log_id; 
        $_SESSION['student_name'] = $log_name; 
        $_SESSION['student_reg'] = $log_reg; 

          header("location: student/dashboard.php?q=$log_name"); 

         }else { 
          echo "Invalid Serail"; 
         } 




        } 

       }// if no errors then go on ends 




       }//if isset 

？>

Answer 2

如果我已经真正理解你的处境...问题是这部分代码：

$sqlc = "SELECT id FROM card "; 
$CardSerial_c = mysqli_query($DBconn, $sqlc); 
$Cardrowc = mysqli_fetch_row($CardSerial_c); 
$DB_Id = $Cardrowc[0]; 


$sql = "SELECT pin, serialme FROM card WHERE id='".$DB_Id."' LIMIT 1"; 
$CardSerial_q = mysqli_query($DBconn, $sql); 
$Cardrow = mysqli_fetch_row($CardSerial_q); 
$DB_Pin = $Cardrow[0]; 
$DB_Serial = $Cardrow[1]; 

我觉得你可以做的一切使用一个查询：

$query = "SELECT * FROM students s JOIN card c on s.reg = c.stureg WHERE c.stureg = '$r' AND pin = '$p' AND serialme = '$s'" 
$result = mysqli_query($DBconn,$query); 
if($result->num_rows>0){ 
    header("location: student/dashboard.php?q=$log_name"); 
}else{ 
    echo "BAD LOGIN"; 
} 

Answer 3

请记住清除源代码。

你的代码有一些问题，你的查询是多余的。

此：

if (!empty($errors)) {} 

不能做任何事情。

试试这个，我无法测试它，因为我没有你的SQL：

<?php 

if (isset($_POST['ActionAxeIsGood']) && $_POST['ActionAxeIsGood'] == "txtLoginCNumberMaxText") { // checks form values 

    include "php/Dbfile.php"; 

    $student_reg = $_POST['txtMatricNumber']; 
    $CardPin  = $_POST['txtCardPin']; 
    $CardSerial = $_POST['txtCardSerial']; 
    //$student_password = $_POST['password']; 
    $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR')); 
    $r = preg_replace('#[^A-Z0-9\'/\'\'-\']#', '', $student_reg); 
    $p = preg_replace('#[^0-9]#', '', $CardPin); 
    $s = preg_replace('#[^0-9]#', '', $CardSerial); 

    if ($r == "") { 
     $msg = '<p style="color: maroon;">Enter Matric No.</p>'; 
    } 
    if ($p == "") { 
     $msg = '<p style="color: maroon;">Enter Pin</p>'; 
    } 
    if ($s == "") { 
     $msg = '<p style="color: maroon;">Enter Serial</p>'; 
    } 

    if (isset($msg)) { 
     if($msg == "") { 
     // if there are errors, print them out as a list 
     $msg = '<p>Please correct the following errors:</p>'; 
     $msg .= '<ul>'; 

     foreach ($errors as $key => $value) { 
      $msg .= '<li>' . $value . '</li>'; 
     } 
     $msg .= '</ul>'; 
     } 
    } else { // if no errors then go on 

     $query = "SELECT * FROM students s JOIN card c on s.reg = c.stureg WHERE c.stureg = '$r' AND pin = '$p' AND serialme = '$s'" 
     $result = mysqli_query($DBconn,$query); 
     if($result->num_rows>0){ 
     header("Location: student/dashboard.php?q=$log_name"); 
     } 
     else{ 
     echo "BAD LOGIN"; 
     } 
    } 
} 

?> 

查询通过@ Vanojx1