任何人都可以請指導我在哪裏做錯了。密碼散列工作正常,並存儲在我的數據庫中,但當我嘗試使用真實密碼(如123)登錄時,它不會將我登錄。謝謝!password_hash()不起作用
<?php
// registration script
if (isset($_POST['submit'])) {
$user_name = $_POST['username'];
$user_email = $_POST['email'];
$user_pass = $_POST['password'];
$query = "SELECT * FROM users where Email = '" . $_POST["email"] . "'";
$result = $obj->run_query($query);
if ($count = mysqli_num_rows($result) == 0) {
$query = "INSERT INTO users (Name, Email, Pass) VALUES('" . $user_name . "', '" . $user_email . "', '" . password_hash($user_pass, PASSWORD_DEFAULT) . "')";
$result = $obj->run_query($query);
echo "<script>alert('You have successfully Registered!')</script>";
echo "<script>window.open('welcome.php','_self')</script>";
} else {
echo "<script>alert('This user email $user_email is already exist!')</script>";
}
}
// login script
if (isset($_POST['login'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$password = password_hash($_POST['pass'], PASSWORD_DEFAULT);
$query = "SELECT * FROM users WHERE Email = '$email' AND Pass = '$password'";
$result = $obj->run_query($query);
if ($count = mysqli_num_rows($result) > 0) {
$_SESSION['email'] = $email;
$_SESSION['name'] = $name;
echo "<script>window.open('welcome.php','_self')</script>";
} else
{
echo "<script>alert('Your email or password is incorrect!')</script>";
}
}
?>
沒有password_hash的'提()'在你的代碼的任何地方,並說somethng是「給出錯誤「而不告訴我們錯誤是無用的。還閱讀了SQL注入攻擊和預防它。 – PeeHaa
[password_verify()](http://www.php.net/manual/en/function.password-verify.php)函數用於將用戶輸入的明文密碼與存儲的散列密碼進行比較,在PHP文檔中描述.....你不用哈希用戶eneterd密碼並比較哈希值,它根本無法作爲password_hash()在每次調用時唯一地去除值 –
因此,您的登錄檢查代碼應該被檢索來自'users'表的記錄僅使用電子郵件地址,然後使用password_verify將用戶輸入的密碼與該SQL查詢檢索的密碼哈希進行比較 –