我正在制作登錄和注冊表單,并使用 password_hash 進行密碼加密,問題是當我登錄時它無法識別我的密碼并且我收到錯誤“密碼不正確”(我設定的一條訊息)。在注冊表中沒有問題,但可能與我遇到的錯誤有關。
登錄.php
<?php
include 'connect/config.php';
session_start();
error_reporting(0);
if (isset($_SESSION["user_id"])) {
header('Location: home');
}
if (isset($_POST["signin"])) {
$email = mysqli_real_escape_string($conn, $_POST["email"]);
$password = mysqli_real_escape_string($conn, $_POST["password"]);
$check_email = mysqli_query($conn, "SELECT id FROM users WHERE email='$email' AND password='$password'");
if (mysqli_num_rows($check_email) > 0) {
$row = mysqli_fetch_array($check_email);
$_SESSION["user_id"] = $row['id'];
if (password_verify($password, $row['password'])){
$msg[] = "You have successfully logged in.";
}
header('Location: home');
} else {
$msg[] = "The password or email is incorrect.";
}
}
?>
現在,如果我更改為$check_email = mysqli_query($conn, "SELECT id FROM users WHERE email='$email' AND password='$password'");,$check_email = mysqli_query($conn, "SELECT id, password FROM users WHERE email='$email'");我可以進入家中,但使用任何密碼,而不是我注冊的密碼。
注冊.php
<?php
include 'connect/config.php';
session_start();
error_reporting(0);
if (isset($_SESSION["user_id"])) {
header("Location: home");
}
if (isset($_POST["signup"])) {
$full_name = mysqli_real_escape_string($conn, $_POST["signup_full_name"]);
$email = mysqli_real_escape_string($conn, $_POST["signup_email"]);
$password = mysqli_real_escape_string($conn, $_POST["signup_password"]);
$cpassword = mysqli_real_escape_string($conn, $_POST["signup_cpassword"]);
$token = md5(rand());
$check_email = mysqli_num_rows(mysqli_query($conn, "SELECT email FROM users WHERE email='$email'"));
if ($password !== $cpassword) {
$msg[] = "Passwords do not match";
} elseif ($check_email > 0) {
$msg[] = "The email already exists, try another.";
} else {
$passHash = password_hash($password, PASSWORD_BCRYPT);
$sql = "INSERT INTO users (full_name, email, password, token, status) VALUES ('$full_name', '$email', '$passHash', '$token', '0')";
$result = mysqli_query($conn, $sql);
if ($result) {
header('Location: login');
$_POST["signup_full_name"] = "";
$_POST["signup_email"] = "";
$_POST["signup_password"] = "";
$_POST["signup_cpassword"] = "";
$msg[] = "Registered user successfully.";
} else {
$msg[] = "User registration failed, please try again later.";
}
}
}
?>
我希望你能幫助我。
查看我的代碼,但我對 php 的了解水平較低,無法找到錯誤,希望您能幫我完成,我會感謝您
uj5u.com熱心網友回復:
你不應該and password = '$password'在查詢中。資料庫中的密碼是經過哈希處理的密碼,與$password. 您應該只使用電子郵件獲取該行,然后用于password_verify()檢查密碼。
您還需要選擇該password列,以便對其進行驗證。
$check_email = mysqli_query($conn, "SELECT id, password FROM users WHERE email='$email'");
你的邏輯也有問題。home無論密碼驗證如何,您都可以設定會話變數并重定向到。它應該是:
$row = mysqli_fetch_array($check_email);
if ($row && password_verify($password, $row['password'])){
$msg[] = "You have successfully logged in.";
$_SESSION["user_id"] = $row['id'];
header('Location: home');
} else {
$msg[] = "The password or email is incorrect.";
}
在散列或驗證密碼之前,您也不應該轉義密碼。當然,如果你正確地使用帶引數的預處理陳述句,你不應該先轉義任何東西。
轉載請註明出處,本文鏈接:https://www.uj5u.com/qiye/530831.html
標籤:phpmysql验证
上一篇:獲取參考中的行數