-6
我創建了一個登錄頁面,但是當代碼想用輸入的密碼驗證哈希密碼時,它向我顯示了錯誤信息。用德魯的手冊password_verify不起作用(password_hash)
<?php
session_start();
$pdo = new PDO(xxxx);
if(isset($_GET['login'])) {
\t $username = $_POST['username'];
\t $password = $_POST['password'];
\t
\t $statement = $pdo->prepare('SELECT * FROM users WHERE username = :username');
\t $result = $statement->execute(array('username' => $username));
\t $user = $statement->fetch();
\t //verify password
\t if ($user !== false && password_verify($password, $user['passwort'])) {
\t \t $_SESSION['userid'] = $user['id'];
\t \t die('Login succesfull');
\t } else {
\t \t $errorMessage = "Login error";
\t }
\t
}
if(isset($errorMessage)) {
\t echo $errorMessage;
}
?>現在我編輯與Drew's manual幫助的代碼,但它也不管用。
<?php
session_start();
$pdo = new PDO(xxxxx);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if(isset($_GET['login'])) {
\t $username = $_POST['username'];
\t $passwort = $_POST['password'];
\t
$query = $pdo->prepare("SELECT * FROM users WHERE username=:username");
$query->bindParam(':username', $username);
$query->execute();
unset($_SESSION['username']);
if(($row = $query->fetch()) && (password_verify($passwort,$row['passwort']))){
$_SESSION['username'] = $row['username'];
//header("Location: ../../myaccount/myaccount.php");
echo "hurray, you authenticated.<br/>";
}
else {
//header("Location:../../login/login.php ");
echo "invalid login<br/>";
}
}
?>
請確保您有'$ password'和'$ user ['passwort']'的期望值,並且檢查您是否在註冊碼中對密碼進行任何字符串操作(即轉義)。 – JimL
密碼欄真的叫做* passwort *嗎? (帶t) – ShiraNai7
是的,因爲我是德國人。在我的表頭iis寫上「passwort」。 – Tim