1. 首頁
  2. 問答
  3. PHP登錄系統密碼不匹配

PHP登錄系統密碼不匹配

2017-07-25 161 views
0

我已經創建了一個登錄系統,它使用戶能夠使用先前定義的電子郵件和密碼登錄,但是在測試部分中,我注意到密碼錶示它們不匹配儘管我知道他們是正確的,因爲我在測試時寫下了測試結果。我似乎明白爲什麼發生這種情況,我認爲這可能是一些與我的密碼散列的,但我不知道what.The登錄頁面檢查是從文檔的login.php:PHP登錄系統密碼不匹配

if(empty($errors)) 
{ 
    $sql = "SELECT accountID, password FROM users WHERE emails=?"; 
    $stmt = $pdo->prepare($sql); 
    $stmt->execute([$data['email']]); 

    if(!$row = $stmt->fetch()) 
    { 
     // email didn't match 
     $errors['login'] = "Login failed. on email"; 
    } 
    else 
    { 
     // email matched, test password 
     if(!password_verify($data['password'],$row['password'])) 
     { 
      // password didn't match 
      $errors['login'] = "Login failed. on password"; 
     } 
     else 
     { 
      // password matched 
      $_SESSION['user_id'] = $row['accountID']; 
      header('location: welcome.php'); 
      die; 
     } 
    } 
}

插入到數據庫散列,從insert.php:

if (isset($_POST['name'])){ 
     $name = $_POST['name']; 
    } 
    if (isset($_POST['email'])){ 
     $email = $_POST['email']; 
    } 
    if (isset($_POST['password'])){ 
     $pword = $_POST['password']; 
    } 
    if (isset($_POST['busName'])){ 
     $busName = $_POST['busName']; 
    } 

    if (empty($name)){ 
     echo("Name is a required field"); 
     exit(); 
    } 
    if (empty($email)){ 
     echo ("email is a required field"); 
     exit(); 
    } 
    if (empty($pword)){ 
     echo("You must enter a password"); 
     exit(); 
    } 
    $pword = password_hash($pword, PASSWORD_DEFAULT)."/n"; 



//insert html form into database 
$insertquery= "INSERT INTO `cscw`.`users` (
`accountID` , 
`businessName` , 
`name` , 
`emails` , 
`password` 
) 
VALUES (
NULL , '$busName', '$name', '$email', '$pword' 
);";

和網頁我從login.php中所示的「登錄失敗的密碼。」如果您需要查看更多代碼,請告訴我。

來源

2017-07-25 trezremay

+0

'$ data'從哪裏來? –

+4

在你的password_hash行中放一下'。「/ n」' – Yolo

+0

@FrankM $ data = array_map('trim',$ _ POST); – trezremay

回答

0

它無法識別$ row ['password']始終與您的查詢 **
1)組織準備
2)執行
3)取
4)關閉
5)然後你能夠利用所獲取的數據。 獲取的數據需要按照returnArray函數所示進行排序。

希望有獨特的電子郵件和$data數組exists.Try這。

if(empty($errors)) 
{ 

    $sql = "SELECT accountID, password FROM users WHERE emails=:emails"; 
    $stmt = $pdo->prepare($sql); 
    $stmt->bindParam(':emails', $data['email']); 
    $stmt->execute(); 
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); 
    $stmt->CloseCursor(); 
    $stmt=null; 

    /* Return the results is a more handy way */ 
    function returnArray($rows, $string) 
    { 
     foreach($rows as $row) 
     { 
      return $row[ $string ]; 
     } 
    } 

    if(empty($rows)) 
    { // email didn't match 
     $errors['login'] = "Login failed. on email"; 
    } 
    else 
    {  // email matched, test password 
     if(!password_verify($data['password'], returnArray($rows,'password'))) 
     { 
      // password didn't match 
      $errors['login'] = "Login failed. on password"; 
     } 
     else 
     { 
      // password matched 
      $_SESSION['user_id'] = $row['accountID']; 
      header('location: welcome.php'); 
      die; 
     } 
    } 
}

登錄頁面沒有完成,查詢不插入。要小心,因爲你不會逃避用戶操縱的變量,所以你可能會被注入SQL注入。(爲了加強安全性,添加一個表單驗證,它會很棒)。

您已使用$pword = password_hash($pword, PASSWORD_DEFAULT)."/n"; 我刪除了「/ n」部分。我似乎你正在使用連接運算符「。」添加/ n添加password_hash的結尾。

您的$ insertquery未完成且不可讀。您不需要在查詢中插入反引號。並且不需要SELECT accountID它會自動增加(查看A_I for accountID是否在您的數據庫中打勾)。 在你的登錄頁面做這樣的事情。

/* trim and escape*/ 
function escapeHtmlTrimed($data) 
{ 
    $trimed = trim($data); 
    $htmlentities = htmlentities($trimed, ENT_QUOTES | ENT_HTML5, $encoding = 'UTF-8'); 
    return $htmlentities; 
} 


if (isset($_POST['name'])){ 
    $name = escapeHtmlTrimed($_POST['name']); 
} 
if (isset($_POST['email'])){ 
    $email = escapeHtmlTrimed($_POST['email']); 
} 
if (isset($_POST['password'])){ 
    $pword = escapeHtmlTrimed($_POST['password']); 
} 
if (isset($_POST['busName'])){ 
    $busName = escapeHtmlTrimed($_POST['busName']); 
} 

if (empty($name)){ 
    echo("Name is a required field"); 
    exit(); 
} 
if (empty($email)){ 
    echo ("email is a required field"); 
    exit(); 
} 
if (empty($pword)){ 
    echo("You must enter a password"); 
    exit(); 
} 
/*Remove this your adding "./n"*/ 
$pword = password_hash($pword, PASSWORD_DEFAULT); 



//insert html form into database 
$insertquery= "INSERT INTO users (businessName ,name ,emails, 
password) VALUES (:busName , :name, :email , :pword)"; 
$stmt = $pdo->prepare($insertquery); 
$stmt->bindParam(':busName', $busName); 
$stmt->bindParam(':name', $name); 
$stmt->bindParam(':email', $email); 
$stmt->bindParam(':pword', $pword); 
$stmt->execute(); 
$stmt->CloseCursor(); 
$stmt=null;

來源

2017-07-26 03:26:03

相關問題

 相關問題