
我需要有人帮我看看下面的代码,我不明白为什么无法在数据库中注册帐户。这是我的 Android 登录/注册功能在 PHP 服务器端遇到的问题。

下面我的PHP脚本:

update_user_info.php

<?php 

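    /**
     * Data-access helper for the `users` table: registration, credential
     * verification and existence checks, all through mysqli prepared statements.
     *
     * NOTE(review): nothing on this page assigns $conn. It has to hold an open
     * mysqli connection before any method below is called.
     */
    class update_user_info {

        /** @var mysqli|null Database connection used by every query in this class. */
        public $conn;

        /**
         * Insert a new user row and read the stored profile back.
         *
         * @param string $fullname
         * @param string $matno
         * @param string $dept
         * @param string $phone
         * @param string $email
         * @param string $password Plain-text password; only its salted hash is stored.
         * @return array|false Profile (fullname, matno, dept, phone, email), or false
         *                     when the row could not be written or read back.
         */
        public function StoreUserInfo($fullname, $matno, $dept, $phone, $email, $password) {
            $hash = $this->hashFunction($password);
            $encrypted_password = $hash["encrypted"];
            $salt = $hash["salt"];

            $stmt = $this->conn->prepare("INSERT INTO users(fullname, matno, dept, phone, email, encrypted_password, salt, created_at) VALUES(?, ?, ?, ?, ?, ?, ?, Now())");
            if ($stmt === false) {
                return false;
            }

            // Seven placeholders, seven bound values. created_at is filled in by
            // Now() inside the SQL text, so it must not be passed to bind_param();
            // binding an eighth value makes mysqli reject the statement.
            $stmt->bind_param("sssssss", $fullname, $matno, $dept, $phone, $email, $encrypted_password, $salt);
            $result = $stmt->execute();
            $stmt->close();

            if (!$result) {
                return false;
            }

            $row = $this->fetchUserRow($matno);
            if ($row === null) {
                return false;
            }

            // Only profile fields go back to the caller; hash and salt stay here.
            return array(
                "fullname" => $row["fullname"],
                "matno" => $row["matno"],
                "dept" => $row["dept"],
                "phone" => $row["phone"],
                "email" => $row["email"],
            );
        }

        /**
         * Create a fresh salt and the salted hash for a new password.
         *
         * NOTE(review): one round of salted SHA-1 is a fast hash and is not suitable
         * for password storage; password_hash()/password_verify() is the recommended
         * replacement. The format is kept here because changing it alters what is
         * stored in encrypted_password/salt and needs a migration of existing rows.
         *
         * @param string $password
         * @return array Keys "salt" (10 hex characters) and "encrypted".
         * @throws Exception When random_bytes() finds no source of randomness.
         */
        public function hashFunction($password) {
            // 5 random bytes -> 10 hex characters: the same shape as the earlier
            // substr(sha1(rand()), 0, 10), but rand() is predictable and this is not.
            $salt = bin2hex(random_bytes(5));

            return array("salt" => $salt, "encrypted" => $this->checkHashFunction($salt, $password));
        }

        /**
         * Check a matno/password pair against the stored hash.
         *
         * @param string $matno
         * @param string $password
         * @return array|null The user row (profile fields plus encrypted_password and
         *                    salt) on success, null otherwise. Callers must not send
         *                    the last two fields to the client.
         */
        public function VerifyUserAuthentication($matno, $password) {
            $row = $this->fetchUserRow($matno);
            if ($row === null) {
                return null;
            }

            $expected = $this->checkHashFunction($row["salt"], $password);

            // hash_equals() compares in constant time and never applies the loose
            // type juggling that == performs on numeric-looking strings.
            if (!hash_equals((string) $row["encrypted_password"], $expected)) {
                return null;
            }

            return $row;
        }

        /**
         * Recompute the stored hash format for a given salt and password.
         *
         * @param string $salt
         * @param string $password
         * @return string base64(sha1(password . salt, raw) . salt)
         */
        public function checkHashFunction($salt, $password) {
            return base64_encode(sha1($password . $salt, true) . $salt);
        }

        /**
         * Tell whether a row with this matno already exists.
         *
         * NOTE(review): a check followed by a separate INSERT can race with a
         * concurrent registration; a UNIQUE index on users.matno (schema not shown
         * on this page) is what actually prevents duplicates.
         *
         * @param string $matno
         * @return bool
         */
        public function CheckExistingUser($matno) {
            // A failed prepare() is left to surface as an error here rather than
            // being reported as "no such user".
            $stmt = $this->conn->prepare("SELECT matno from users WHERE matno = ?");
            $stmt->bind_param("s", $matno);
            $stmt->execute();
            $stmt->store_result();

            $exists = $stmt->num_rows > 0;
            $stmt->close();

            return $exists;
        }

        /**
         * Load the row for one matno.
         *
         * @param string $matno
         * @return array|null All seven selected columns keyed by name, or null when
         *                    the query fails or matches nothing.
         */
        private function fetchUserRow($matno) {
            $stmt = $this->conn->prepare("SELECT fullname, matno, dept, phone, email, encrypted_password, salt FROM users WHERE matno = ?");
            if ($stmt === false) {
                return null;
            }

            $stmt->bind_param("s", $matno);

            $row = null;
            if ($stmt->execute()) {
                $stmt->bind_result($fullname, $storedMatno, $dept, $phone, $email, $encrypted_password, $salt);

                // If several rows share the matno, the last one fetched wins.
                while ($stmt->fetch()) {
                    $row = array(
                        "fullname" => $fullname,
                        "matno" => $storedMatno,
                        "dept" => $dept,
                        "phone" => $phone,
                        "email" => $email,
                        "encrypted_password" => $encrypted_password,
                        "salt" => $salt,
                    );
                }
            }
            $stmt->close();

            return $row;
        }
    }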

?> 

login.php

<?php 
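// Login endpoint: reads matno/password from the POST body and answers with JSON.
require_once 'update_user_info.php';
$db = new update_user_info();

// json response array
$response = array("error" => FALSE);

// Both fields must be present AND plain strings. PHP turns a field sent as
// matno[]=... into an array, which would otherwise reach the query and hashing code.
$matno = isset($_POST['matno']) ? $_POST['matno'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;

if (is_string($matno) && is_string($password)) {

    // look the user up by matno and check the password
    // NOTE(review): nothing here limits repeated attempts; throttling has to be
    // applied in front of this endpoint.
    $user = $db->VerifyUserAuthentication($matno, $password);

    if ($user != false) {
        // user is found
        $response["error"] = FALSE;
        // VerifyUserAuthentication() does not select a unique_id column, so the key
        // is looked up defensively; reading it directly raises an undefined-index
        // notice that can end up in front of the JSON body.
        $response["uid"] = isset($user["unique_id"]) ? $user["unique_id"] : null;
        $response["user"]["fullname"] = $user["fullname"];
        $response["user"]["email"] = $user["email"];
        $response["user"]["matno"] = $user["matno"];
        $response["user"]["dept"] = $user["dept"];
        $response["user"]["phone"] = $user["phone"];
    } else {
        // Same message for an unknown matno and a wrong password, so the reply
        // does not reveal which accounts exist.
        $response["error"] = TRUE;
        $response["error_msg"] = "Login credentials are wrong. Please try again!";
    }
} else {
    // required post params are missing (the message says "email", but the fields
    // actually checked are matno and password)
    $response["error"] = TRUE;
    $response["error_msg"] = "Required parameters email or password is missing!";
}

echo json_encode($response);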
?> 

在 Postman 中运行上面的脚本并填入所有必需的参数后,显示如下错误:

["error_msg"] = "Required parameters email or password is missing!";

register.php

<?php 

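// Registration endpoint: reads the profile fields from the POST body and answers with JSON.
require_once 'update_user_info.php';
$db = new update_user_info();

// json response array
$response = array("error" => FALSE);

// Every field must be present AND a plain string. PHP turns a field sent as
// name[]=... into an array, which would otherwise reach the query and hashing code.
$required = array('fullname', 'matnum', 'depart', 'phone', 'email', 'passworded');
$complete = true;
foreach ($required as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        $complete = false;
        break;
    }
}

if ($complete) {

    // receiving the post params
    $fullname = $_POST['fullname'];
    $matno = $_POST['matnum'];
    $email = $_POST['email'];
    $dept = $_POST['depart'];
    $phone = $_POST['phone'];
    $password = $_POST['passworded'];

    // check whether a user with the same matno already exists
    // NOTE(review): this check and the insert below are two separate statements;
    // only a UNIQUE index on the matno column (schema not shown here) rules out
    // duplicates under concurrent requests.
    if ($db->CheckExistingUser($matno)) {
        // user already existed
        $response["error"] = TRUE;
        $response["error_msg"] = "User already existed with " . $matno;
    } else {
        // create a new user
        $user = $db->StoreUserInfo($fullname, $matno, $dept, $phone, $email, $password);
        if ($user) {
            // user stored successfully
            $response["error"] = FALSE;
            $response["user"]["fullname"] = $user["fullname"];
            $response["user"]["matno"] = $user["matno"];
            $response["user"]["dept"] = $user["dept"];
            $response["user"]["phone"] = $user["phone"];
            $response["user"]["email"] = $user["email"];
        } else {
            // user failed to store
            $response["error"] = TRUE;
            $response["error_msg"] = "Unknown error occurred in registration!";
        }
    }
} else {
    // At least one of fullname, matnum, depart, phone, email, passworded is absent
    // or not a string; the message below names only three of them.
    $response["error"] = TRUE;
    $response["error_msg"] = "Required parameters (fullname, email or password) is missing!";
}

echo json_encode($response);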
?> 

在 Postman 中运行上面的代码并填写所有参数后,显示以下错误:

$response["error_msg"] = "Required parameters (fullname, email or password) is missing!";

我一定是哪里做错了。感谢您的帮助。


这是一个糟糕的方式来哈希你的密码。你应该使用[password_hash](http://php.net/manual/en/function.password-hash.php) – Machavity


好的谢谢。这是错误的原因吗? –


不,这只是代码中的一个单独问题(并且它不是很安全,因为SHA1很弱)。 – Machavity

回答


问题已解决。在 Postman 的 Body 选项下需要选择 x-www-form-urlencoded,我的脚本才能正常工作。谢谢