我正在尝试让登录页面正常工作但它拒绝这样做。我一直在绞尽脑汁和互联网几天没有运气。我将三重检查的mysql列长度设置为60,我不会在任何地方使用双引号。我的代码适用于使用旧的php crypt创建的1个密码,但拒绝使用password_hash创建的任何密码。
验证功能:
public static function authenticate($username="", $password="") {
global $database;
$username = $database->escape_value($username);
$password = $database->escape_value($password);
$sql = "SELECT * FROM customer ";
$sql .= "WHERE username = '{$username}' ";
$sql .= "LIMIT 1";
$result_array = self::find_by_sql($sql);
if (!empty($result_array)) {
$result = array_shift($result_array);
$hash = $result->password;
if (password_verify($password, $hash)) {
return $result;
} else {
echo "password incorrect";
return false;
}
} else {
echo "username not found";
return false;
}
}
登录页面代码:
// Remember to give your form's submit tag a name="submit" attribute!
if (isset($_POST['submit'])) { // Form has been submitted.
$username = trim($_POST['username']);
$password = $_POST['password'];
// Check database to see if username/password exist.
$found_user = User::authenticate($username, $password);
if ($found_user) {
$session->login($found_user);
redirect_to("index.php");
} else {
// username/password combo was not found in the database
$message = "Username/password combination incorrect.";
}
} else { // Form has not been submitted.
$username = "";
$password = "";
}
密码哈希和上传代码:
if (isset($_POST['pass'])) {
$customer->password = password_hash($_POST['password'], PASSWORD_BCRYPT);
if ($customer->save()) {
// Success
$_SESSION["message"] = "Password Updated.";
} else {
// Failure
$_SESSION["message"] = "Password update failed.";
}
}
请告诉我在哪里搞砸了,因为我准备把头发拉出来。
提前谢谢大家。