mysqli がデータベースに接続した後、
if(!mysqli_stmt_execute($check)){
レコードが見つからない場合、これは NULL または false を返すべきではありませんか?
この行を実行してデータベースにユーザーが存在することを確認した後、ユーザーまたはレコードが存在しない場合は NULL を返してプログラムを終了するべきではありませんか?
結果セット全体をフェッチしてループすることなく、この問題を解決するにはどうすればよいですか?
<?php
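/* Added in the answer: set to TRUE once the prepared SELECT returns a row
   for the submitted username. A successful execute alone does not mean a
   row was found. */
$user_exists = FALSE;
/* $user is bound by reference to the "?" marker below, so whatever it holds
   at execute time is the value sent to the server. */
$user = null;
$pass = null;
/* Connects to your Database.
   The host, account, password and schema name here are the page's sample
   values; keep real credentials in configuration outside the web root and
   give the account only the privileges this page needs. */
$mysqli = mysqli_connect("localhost", "dbUser", "dbPassword","dbName");
if (!$mysqli) {
    /* $mysqli is false in this branch, so it has no ->errno property; the
       connect error is read with mysqli_connect_errno()/mysqli_connect_error().
       Details go to the server log instead of the response so driver and
       host information is not shown to visitors.
       Since PHP 8.1 mysqli throws mysqli_sql_exception by default, in which
       case this branch is not reached. */
    error_log("Failed to connect to MySQL: (" . mysqli_connect_errno() . ") " . mysqli_connect_error());
    exit("Failed to connect to MySQL.");
}
/* create a prepared statement */
$check = mysqli_prepare($mysqli, "SELECT username, password FROM users WHERE username = ?");
if (!$check) {
    /* mysqli_prepare() returns false on failure; binding to false would fail later. */
    error_log("Failed to prepare login statement: (" . mysqli_errno($mysqli) . ") " . mysqli_error($mysqli));
    mysqli_close($mysqli);
    exit("Login is temporarily unavailable.");
}
/* bind parameters for markers */
mysqli_stmt_bind_param($check, "s", $user);
/* Nothing is echoed here: the script later calls setcookie() and header(),
   which need to run before any body output is sent. */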
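/* Remember the referring page when the session provides one.
   NOTE(review): no session_start() is visible in this script; unless it runs
   elsewhere (or session.auto_start is on) $_SESSION is never populated - confirm. */
if (isset($_SESSION['refer'])) {
    $location = $_SESSION['refer'];
}
/* Checks if there is a login cookie.
   Both cookies are supplied by the client, so this only copies their values
   into $user/$pass. Nothing in this branch verifies them against the
   database or redirects, and it must not be treated as a login by itself.
   Both cookies are required (and must be plain strings) so that a missing or
   array-valued cookie does not raise a notice or reach the bound parameter. */
if (isset($_COOKIE['ID_my_site'], $_COOKIE['Key_my_site'])
    && is_string($_COOKIE['ID_my_site'])
    && is_string($_COOKIE['Key_my_site'])) {
    $user = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];
}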
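/* if the login form is submitted */
if (isset($_POST['submit'])) {
    /* Makes sure they filled it in. Missing keys and array-valued fields
       (e.g. username[]=x) are rejected the same way as empty strings. */
    $submitted_user = isset($_POST['username']) ? $_POST['username'] : '';
    $submitted_pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    if (!is_string($submitted_user) || !is_string($submitted_pass) || !$submitted_user || !$submitted_pass) {
        /* Release the statement and connection before die(); placed after
           die() these calls would never run. */
        mysqli_stmt_close($check);
        mysqli_close($mysqli);
        die('You did not fill in a required field.');
    }
    /* $user is the variable bound to the "?" marker, so assigning it here
       sets the query parameter.
       NOTE(review): stripslashes() is kept so the value matches what this
       code has always hashed; it removes backslashes from usernames and
       passwords - confirm the registration code does the same. */
    $user = stripslashes($submitted_user);
    $pass = stripslashes($submitted_pass);
    /* SECURITY: unsalted MD5 is not a password hash. It is kept only because
       the stored values are compared against it; migrate to password_hash()
       and password_verify() together with the registration code and the
       stored column. */
    $pass = md5($pass);
    /* checks it against the database */
    /* execute query */
    if (!mysqli_stmt_execute($check)) {
        /* execute() returns false when the query itself fails, not when it
           matches zero rows, so this is a server error rather than an
           unknown user. */
        error_log("Login query failed: (" . mysqli_stmt_errno($check) . ") " . mysqli_stmt_error($check));
        mysqli_stmt_close($check);
        mysqli_close($mysqli);
        die('Login is temporarily unavailable, please try again later.');
    }
    /* bind result variables */
    mysqli_stmt_bind_result($check, $user_column, $pass_column);
    /* fetch value */
    /* mysqli_stmt_fetch() returns TRUE for a row, NULL when there are no more
       rows and FALSE on error; only TRUE means a user record was read. */
    $password_ok = FALSE;
    while (mysqli_stmt_fetch($check) === TRUE) {
        $user_exists = TRUE;
        /* hash_equals() compares the two strings byte for byte in constant
           time. A loose != would compare numeric-looking hash strings as
           numbers and could accept a wrong password. */
        $password_ok = hash_equals((string) $pass_column, $pass);
        if (!$password_ok) {
            break;
        }
    }
    /* statement close */
    mysqli_stmt_close($check);
    /* close connection */
    mysqli_close($mysqli);
    /* NOTE(review): the two messages below tell a visitor whether a username
       is registered; use one shared message if that should not be disclosed. */
    /* Gives error if user dosen't exist */
    if (!$user_exists) {
        die('That user does not exist in our database. <a href=Registration.php> Click Here to Register</a>');
    }
    /* gives error if the password is wrong */
    if (!$password_ok) {
        die('Incorrect password, please try again.');
    }
    /* if login is ok then we add a cookie */
    $hour = time() + 3600;
    /* Cookie names are quoted strings; as bare words they are undefined
       constants. HttpOnly keeps the values away from page scripts and Secure
       is set whenever the request itself arrived over HTTPS.
       SECURITY: Key_my_site carries the MD5 of the password, so whoever
       obtains the cookie holds a credential that stays valid until the
       password changes. NOTE(review): presumably Members.php reads these
       cookies; prefer a server-side session with a regenerated session id
       and remove this cookie once nothing depends on it. */
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('ID_my_site', $user, $hour, '', '', $secure, true);
    setcookie('Key_my_site', $pass, $hour, '', '', $secure, true);
    /* then redirect them to the members area */
    header("Location: Members.php");
    /* Stop here so nothing else is executed or sent after the redirect. */
    exit();
}
else
{
/* if they are not logged in */
/* added rest of code for convenience */
/* PHP_SELF is taken from the request URL, so it is HTML-escaped before being
   written into the form's action attribute below. */
?>
<!DOCTYPE HTML>
<HTML>
<HEAD>
<meta http-equiv="Content-type" content="text/html" charset=utf-8>
<TITLE>Login</TITLE>
<style>
label,section{display:block;margin-top:20px;letter-spacing:2px;}
form {margin:0 auto;width:60%;}
input,textarea{width:55%;height:27px;padding:10px;margin-top:3px;background:#efefef;border:1px solid #dedede;font-size:0.9em;color:#3a3a3a;border-radius:5px;-web-border-radius:5px;-webkit-border-radius:5px;}
textarea{height:213px;}
input:focus,textarea:focus{border:1px solid #97d6eb;}
.body {display:block;margin:0 auto;width:70%;}
#submit {display:block;align:right;width:127px;height:38px;border:1px solid #dedede;margin-top:20px;cursor:pointer;}
#submit:hover {opacity:0.9;border:1px solid #97d6eb;}
</style>
</head>
<body>
<header class="body"><label>Login page.</label></header>
<section class ="body">
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<label>Username:</label>
<input name="username" type="text" placeholder="Type your name here." autofocus required>
<label>Password</label>
<input name="pass" type="password" placeholder="*******************" autofocus required>
<input id="submit" name="submit" type="submit" value="Login">
</form>
</section>
<footer class="body"><label>Write your footer code here.</label></footer>
</body>
</html>
<?php
}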
?>