<?php
require "Common.php";
$player_username = $_POST ["usernamePost"];
$player_password = $_POST ["passwordPost"];
$hashed_password = password_hash($player_password, PASSWORD_DEFAULT);
$conn = new mysqli ($server_host, $server_username, $server_password, $server_dbName);
$result = mysqli_query ($conn, "SELECT * FROM users WHERE Username ='$player_username' and Password = ''");
$count = mysqli_num_rows($result);
if ($count == 1) {
while ($row = mysqli_fetch_assoc ($result)) {
if (password_verify($player_password, $hashed_password)) {
echo "Signing in...<br>";
echo "ID:".$row ['ID'] . "|Username:".$row ['Username'] . "|Score:".$row ['Score'] . "|Status:".$row ['Status'];
}
}
}
else {
echo "Incorrect username or password.";
}
?>
第二個代碼段:驗證並創建哈希密碼錯誤,我可以用哈希密碼創建一個帳戶,但是,我無法驗證它?
<?php
require "Common.php";
$player_username = $_POST ["usernamePost"];
$player_password = $_POST ["passwordPost"];
$hashed_password = password_hash($player_password, PASSWORD_DEFAULT);
$conn = new mysqli ($server_host, $server_username, $server_password, $server_dbName);
$queryCode = "SELECT * FROM users WHERE Username = '$player_username'";
$query = mysqli_query ($conn, $queryCode);
if (mysqli_num_rows($query) > 0) {
echo "Username already exists.";
} else {
$sql = "INSERT INTO users (Username, Password)
VALUES ('".$player_username."','".$hashed_password."')";
$result = mysqli_query ($conn,$sql);
echo "User created.";
}
?>
我可以創建一個帳戶與哈希密碼,但是,我不能用它登錄。我在本網站上查看了有關我的問題的每篇文章。這是要麼我看着錯誤的線索,要麼我只是不明白他們在做什麼。
確保在你的數據庫中的字段寬至少60個字符。您應該真的使用'VARCHAR(255)'來說明將來散列中的變化。 –
從你的SELECT查詢中刪除這個''和Password =''「)' –
另外,你有一些令人討厭的SQL注入漏洞,請參閱:[我怎樣才能防止SQL注入PHP?](http://stackoverflow.com/q/60174/3155639) –