所以,我是用PHP编写一个简单的登录系统。
这里是注册码:
if ($hash == $hash2) {
$pass = password_hash($hash, PASSWORD_BCRYPT);
} else {
$message = "As password não são iguais.\\nTenta de novo.";
echo "<script type='text/javascript'>alert('$message');</script>";
echo "<script type='text/javascript'>window.location = '../registo.php';</script>";
echo "</script>";
}
$sql = "INSERT INTO user (hash) VALUES ('$pass')";
登录表单:
<form class="form" id="formLogin" style="color:#ffffff" action="stuff/login.php" method="post">
password:
<input name="password" id="password" type="password" placeholder="" style="background-color: #ffffff; color:#111111;" ><br>
<br>
<button type="submit" name="submit" id="btnLogin" style="padding-top: 5%; padding-bottom: 5%; color:#ffffff" class="btn btn-default outline center-block">Login</button>
</form>
我的login.php(为了简化我在查询中使用数据库的固定ID而只是密码字段)
require_once("db.php");
require("password.php");
if (!empty($_POST['password'])) {
$pass = htmlspecialchars($_POST['password']);
$id = 1;
$sql = "SELECT * FROM user WHERE id ='$id'";
$res = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($res);
$numRows = mysqli_num_rows($res);
$h = $row['hash'];
if($numRows == 1) {
if(password_verify($pass, $h)) {
header("Location: ../backoffice.php");
} else {
$message = $pass . " " . $h;
echo "<script type='text/javascript'>alert('$message');</script>";
echo "</script>";
}
} else {
$message = "a palavra-passe e/ou nome de utilizador est\343o errados.\\nTenta de novo.";
echo "<script type='text/javascript'>alert('$message');";
echo "window.location = '../index.php';";
echo "</script>";
}
};
当我在password_verify的else部分回显$ message时,如果要同时显示输入密码和数据库哈希,它们似乎没问题 - 来自登录表单的正确字符串结果,以及正确的哈希存储在数据库中。 但是,它并没有奏效。有什么建议吗?
答案 0 :(得分:0)
您的 password_verify 功能似乎存在问题。也许你正在尝试将密码与它的哈希相匹配。检查id值以及是否为 htmlspecialchars 功能跳过了密码的任何字符。