I have a severe problem, about functions and if's
My problem is, that on the line where I put a fetchAll, there is a problem, can you help me?
I particularly have some theories, however, I found it more efficient to ask here, for better guidance, sorry for my terrible English
this code, it is after the user has successfully logged in
The AuthmeController I got ready, but I don't know how to proceed with the next steps ...
when the login is done, everything that is below the fetchAll line is ignored, that is, if I put something simple like an echo 'test', it will not work
function process_login($user, $pass, AuthMeController $controller) { if ($controller->checkPassword($user, $pass)) { printf('<h1>Hello, %s!</h1>', htmlspecialchars($user)); echo 'Successful login. Nice to have you back!'; $userid = $query->fetchAll(PDO::FETCH_ASSOC)[0]; session_start(); $_SESSION['DATASESSION'] = array($user["username"], $user["gamemaster"]); header('Refresh: 5; URL=https://forbiddenseries.net'); echo "<br /><a href='../index.php'>Back to Form</a>"; return true; } else { echo '<h1>Error</h1> Invalid username or password.'; header('Refresh: 5; URL=https://forbiddenseries.net'); } return true; } The fully code: Note: I'm trying to focus only without login logic
<!DOCTYPE html> <html lang="en"> <head> <title>AuthMe Integration Sample</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> <?php require 'AuthMeController.php'; // Change this to the file of the hash encryption you need, e.g. Bcrypt.php or Sha256.php require 'Bcrypt.php'; // The class name must correspond to the file you have in require above! e.g. require 'Sha256.php'; and new Sha256(); $authme_controller = new Bcrypt(); $action = get_from_post_or_empty('action'); $user = $_POST['username']; $pass = $_POST['password']; $email = get_from_post_or_empty('email'); $was_successful = false; if ($user && $pass) { if (isset($user) && isset($pass)) { $was_successful = process_login($user, $pass, $authme_controller); } else if ($action === 'Register') { $was_successful = process_register($user, $pass, $email, $authme_controller); } } function get_from_post_or_empty($index_name) { return trim( filter_input(INPUT_POST, $index_name, FILTER_UNSAFE_RAW, FILTER_REQUIRE_SCALAR | FILTER_FLAG_STRIP_LOW) ?: ''); } // Login logic function process_login($user, $pass, AuthMeController $controller) { if ($controller->checkPassword($user, $pass)) { printf('<h1>Hello, %s!</h1>', htmlspecialchars($user)); echo 'Successful login. Nice to have you back!'; $userid = $query->fetchAll(PDO::FETCH_ASSOC)[0]; session_start(); $_SESSION['DATASESSION'] = array($user["username"], $user["gamemaster"]); header('Refresh: 5; URL=https://forbiddenseries.net'); echo "<br /><a href='../index.php'>Back to Form</a>"; return true; } else { echo '<h1>Error</h1> Invalid username or password.'; header('Refresh: 5; URL=https://forbiddenseries.net'); } return true; } // Register logic function process_register($user, $pass, $email, AuthMeController $controller) { if ($controller->isUserRegistered($user)) { echo '<h1>Error</h1> This user already exists.'; } else if (!is_email_valid($email)) { echo '<h1>Error</h1> The supplied email is invalid.'; } else { // Note that we don't validate the password or username at all in this demo... $register_success = $controller->register($user, $pass, $email); if ($register_success) { printf('<h1>Welcome, %s!</h1>Thanks for registering', htmlspecialchars($user)); echo '<br /><a href="index.php">Back to form</a>'; return true; } else { echo '<h1>Error</h1>Unfortunately, there was an error during the registration.'; } } return false; } function is_email_valid($email) { return trim($email) === '' ? true // accept no email : filter_var($email, FILTER_VALIDATE_EMAIL); } ?> </body> </html> abstract class AuthMeController { const AUTHME_TABLE = 'authme'; /** * Entry point function to check supplied credentials against the AuthMe database. * * @param string $username the username * @param string $password the password * @return bool true iff the data is correct, false otherwise */ function checkPassword($username, $password) { if (is_scalar($username) && is_scalar($password)) { $hash = $this->getHashFromDatabase($username); if ($hash) { return $this->isValidPassword($password, $hash); } } return false; } /** * Returns whether the user exists in the database or not. * * @param string $username the username to check * @return bool true if the user exists; false otherwise */ function isUserRegistered($username) { $mysqli = $this->getAuthmeMySqli(); if ($mysqli !== null) { $stmt = $mysqli->prepare('SELECT 1 FROM ' . self::AUTHME_TABLE . ' WHERE username = ?'); $stmt->bind_param('s', $username); $stmt->execute(); return $stmt->fetch(); } // Defensive default to true; we actually don't know return true; } /** * Registers a player with the given username. * * @param string $username the username to register * @param string $password the password to associate to the user * @param string $email the email (may be empty) * @return bool whether or not the registration was successful */ function register($username, $password, $email) { $email = $email ? $email : 'your@email.com'; $mysqli = $this->getAuthmeMySqli(); if ($mysqli !== null) { $hash = $this->hash($password); $stmt = $mysqli->prepare('INSERT INTO ' . self::AUTHME_TABLE . ' (username, realname, password, email, ip) ' . 'VALUES (?, ?, ?, ?, ?)'); $username_low = strtolower($username); $stmt->bind_param('sssss', $username_low, $username, $hash, $email, $_SERVER['REMOTE_ADDR']); return $stmt->execute(); } return false; } /** * Changes password for player. * * @param string $username the username * @param string $password the password * @return bool true whether or not password change was successful */ function changePassword($username, $password) { $mysqli = $this->getAuthmeMySqli(); if ($mysqli !== null) { $hash = $this->hash($password); $stmt = $mysqli->prepare('UPDATE ' . self::AUTHME_TABLE . ' SET password=? ' . 'WHERE username=?'); $username_low = strtolower($username); $stmt->bind_param('ss', $hash, $username_low); return $stmt->execute(); } return false; } function startAuthmeSession($username){ $mysqli = $this->getAuthmeMySqli(); if(isset($_POST['username'])){ $stmt = $mysqli->prepare("SELECT * FROM authme WHERE username = ?"); $stmt->execute(array($_POST['username'])); if($stmt->rowCount){ $userid = $stmt->fetchAll(PDO::FETCH_ASSOC)[0]; session_start(); $_SESSION['DATAUSERID'] = array($userid['default'], $userid['masteruser']); }else{ } }else{ } return false; } /** * Hashes the given password. * * @param $password string the clear-text password to hash * @return string the resulting hash */ protected abstract function hash($password); /** * Checks whether the given password matches the hash. * * @param $password string the clear-text password * @param $hash string the password hash * @return boolean true if the password matches, false otherwise */ protected abstract function isValidPassword($password, $hash); /** * Returns a connection to the database. * * @return mysqli|null the mysqli object or null upon error */ private function getAuthmeMySqli() { // CHANGE YOUR DATABASE DETAILS HERE BELOW: host, user, password, database name $mysqli = new mysqli('31.170.167.25', 'u790604256_akashic', 'Enstone@2020', 'u790604256_db_server_game'); if (mysqli_connect_error()) { printf('Could not connect to AuthMe database. Errno: %d, error: "%s"', mysqli_connect_errno(), mysqli_connect_error()); return null; } return $mysqli; } /** * Retrieves the hash associated with the given user from the database. * * @param string $username the username whose hash should be retrieved * @return string|null the hash, or null if unavailable (e.g. username doesn't exist) */ private function getHashFromDatabase($username) { $mysqli = $this->getAuthmeMySqli(); if ($mysqli !== null) { $stmt = $mysqli->prepare('SELECT password FROM ' . self::AUTHME_TABLE . ' WHERE username = ?'); $stmt->bind_param('s', $username); $stmt->execute(); $stmt->bind_result($password); if ($stmt->fetch()) { return $password; } } return null; } } This code on bellow, is the class, where has the functions, private functios and more for code on above this line
abstract class AuthMeController { const AUTHME_TABLE = 'authme'; /** * Entry point function to check supplied credentials against the AuthMe database. * * @param string $username the username * @param string $password the password * @return bool true iff the data is correct, false otherwise */ function checkPassword($username, $password) { if (is_scalar($username) && is_scalar($password)) { $hash = $this->getHashFromDatabase($username); if ($hash) { return $this->isValidPassword($password, $hash); } } return false; } /** * Returns whether the user exists in the database or not. * * @param string $username the username to check * @return bool true if the user exists; false otherwise */ function isUserRegistered($username) { $mysqli = $this->getAuthmeMySqli(); if ($mysqli !== null) { $stmt = $mysqli->prepare('SELECT 1 FROM ' . self::AUTHME_TABLE . ' WHERE username = ?'); $stmt->bind_param('s', $username); $stmt->execute(); return $stmt->fetch(); } // Defensive default to true; we actually don't know return true; } /** * Registers a player with the given username. * * @param string $username the username to register * @param string $password the password to associate to the user * @param string $email the email (may be empty) * @return bool whether or not the registration was successful */ function register($username, $password, $email) { $email = $email ? $email : 'your@email.com'; $mysqli = $this->getAuthmeMySqli(); if ($mysqli !== null) { $hash = $this->hash($password); $stmt = $mysqli->prepare('INSERT INTO ' . self::AUTHME_TABLE . ' (username, realname, password, email, ip) ' . 'VALUES (?, ?, ?, ?, ?)'); $username_low = strtolower($username); $stmt->bind_param('sssss', $username_low, $username, $hash, $email, $_SERVER['REMOTE_ADDR']); return $stmt->execute(); } return false; } /** * Changes password for player. * * @param string $username the username * @param string $password the password * @return bool true whether or not password change was successful */ function changePassword($username, $password) { $mysqli = $this->getAuthmeMySqli(); if ($mysqli !== null) { $hash = $this->hash($password); $stmt = $mysqli->prepare('UPDATE ' . self::AUTHME_TABLE . ' SET password=? ' . 'WHERE username=?'); $username_low = strtolower($username); $stmt->bind_param('ss', $hash, $username_low); return $stmt->execute(); } return false; } function startAuthmeSession($username){ $mysqli = $this->getAuthmeMySqli(); if(isset($_POST['username'])){ $stmt = $mysqli->prepare("SELECT * FROM authme WHERE username = ?"); $stmt->execute(array($_POST['username'])); if($stmt->rowCount){ $userid = $stmt->fetchAll(PDO::FETCH_ASSOC)[0]; session_start(); $_SESSION['DATAUSERID'] = array($userid['default'], $userid['masteruser']); }else{ } }else{ } return false; } /** * Hashes the given password. * * @param $password string the clear-text password to hash * @return string the resulting hash */ protected abstract function hash($password); /** * Checks whether the given password matches the hash. * * @param $password string the clear-text password * @param $hash string the password hash * @return boolean true if the password matches, false otherwise */ protected abstract function isValidPassword($password, $hash); /** * Returns a connection to the database. * * @return mysqli|null the mysqli object or null upon error */ private function getAuthmeMySqli() { // CHANGE YOUR DATABASE DETAILS HERE BELOW: host, user, password, database name $mysqli = new mysqli('SPOILER', 'SPOILER', 'SPOILER', 'SPOILER'); if (mysqli_connect_error()) { printf('Could not connect to AuthMe database. Errno: %d, error: "%s"', mysqli_connect_errno(), mysqli_connect_error()); return null; } return $mysqli; } /** * Retrieves the hash associated with the given user from the database. * * @param string $username the username whose hash should be retrieved * @return string|null the hash, or null if unavailable (e.g. username doesn't exist) */ private function getHashFromDatabase($username) { $mysqli = $this->getAuthmeMySqli(); if ($mysqli !== null) { $stmt = $mysqli->prepare('SELECT password FROM ' . self::AUTHME_TABLE . ' WHERE username = ?'); $stmt->bind_param('s', $username); $stmt->execute(); $stmt->bind_result($password); if ($stmt->fetch()) { return $password; } } return null; } } and this code, is an extension class for AuthmeController, it is a class focused on Hash bcrypt, which I use
class Bcrypt extends AuthMeController { protected function hash($password) { return password_hash($password, PASSWORD_BCRYPT); } protected function isValidPassword($password, $hash) { return password_verify($password, $hash); } } Update - screenshot of the error message, taken from the comments:
没有评论:
发表评论