我正在使用PHPass进行密码加密和验证登录。
当我尝试登录时,它会出错:_
警告:mysqli :: prepare()[mysqli.prepare]:第41行无效的对象或资源C:\ mysqli rootfile-blahblahblah \ includes \ user.php
致命错误:在第43行的C:\ rootfile-blahblahblah \ includes \ user.php中的非对象上调用成员函数bind_param()
我按照手册进行身份验证,但由于某种原因它正在工作。
下面是身份验证功能的代码
public static function authenticate($username, $password)
{
$pwdhasher = new PasswordHash(8, FALSE);
$hashed_pwd = $pwdhasher->HashPassword($password);
$db = new mysqli();
$stmt = $db->prepare("SELECT hashed_password FROM users WHERE username=? LIMIT 1");
if (!$stmt) die($db->error);
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($hashed_pwd);
if ($pwdhasher->CheckPassword($password, $hashed_pwd)) {
return true;
} else {
return false;
}
unset($pwdhasher);
}
对于运行函数的login.php页面:_
$username = $database->escape_value(trim($_POST['username']));
$password = $database->escape_value(trim($_POST['password']));
$user = User::find_by_id(1);
$found_user = User::authenticate($username, $password);
if ($found_user)
{
$session->login($found_user, $user);
$message = "You have Logged in.";
redirect_to("index.php");
}
else { $message = "Incorrect username/password."; }
}
我搜索了很多东西并尝试了很多东西,但无济于事。 :/
现在你看,我想要的是检查数据库中的用户名和哈希密码,如果它们是正确的则登录,我知道如何checkPassword()并用HashPassword加密它,但我找不到如何使其验证用户名和密码....