PHP login using password_hash

Time: 2013-05-09 00:24:49

Tags: php login crypt password-hash

The following code is not working:

Login page:

if (isset($_POST['login'])) {
    $name = $mysqli->real_escape_string($_POST['name']);
    $pass = $_POST['pass'];
    $query = "SELECT * FROM users WHERE name='{$name}'";
    $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
    if($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            if(password_verify($pass, $row['pass'])){
                $_SESSION['logged'] = true; 
                $_SESSION['name'] = $row['name'];
                $_SESSION['pass'] = $row['pass'];
                //header('Location: index.php');
                echo "Workded";
            } else {
                echo "Crypt Not Matching";
            }
        }
    }
}

Code used to insert into the database:

if (empty($e1)) {
        $password = password_hash($pass, PASSWORD_BCRYPT);
        if ($mysqli->query("INSERT into users (name, pass, email, gamertag, psnid, youtube, fbauth) VALUES ('$username', '$password', '$email', '$xbox', '$psn', '$youtube', '$fbid')")) {
            session_start();
            $_SESSION['logged'] = true; 
            $_SESSION['name'] = $username;
            $_SESSION['pass'] = $password;
            header('Location: index.php');
        }
    }

Can anyone point out what I am doing wrong?

1 answer:

Answer 0: (score: 0)

1 - Debug the $_POST var and check that it is being passed correctly from the HTTP POST request

var_dump($_POST);

2 - Debug the database results inside the foreach loop and check that you are retrieving the information from the db correctly

while($row = $result->fetch_assoc()) {
    var_dump($row);
}

3 - Test whether password_hash and password_verify are working properly.

$pwd = 'some_password';
$hash = password_hash($pwd, PASSWORD_BCRYPT);
var_dump(password_verify($pwd, $hash));
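
Steps 2 and 3 combined, as an added example that is not part of the original answer: it checks whether a value read back from the `pass` column is still a complete bcrypt hash before trusting the result of password_verify. `diagnose_stored_hash` is a hypothetical helper, and the 40-character truncation is a constructed scenario, not something the question states.

```php
<?php
// Added example, not code from the question or the answer.
// diagnose_stored_hash() is a hypothetical helper name.

/**
 * Report why password_verify() accepts or rejects a stored value.
 *
 * @param string $password Plain-text password as submitted by the user.
 * @param string $stored   Value read back from the database column.
 * @return array           Length, detected algorithm and verification result.
 */
function diagnose_stored_hash($password, $stored)
{
    // password_get_info() only reports "bcrypt" for a complete,
    // well-formed hash; anything else is reported as "unknown".
    $info = password_get_info($stored);

    return array(
        'length'    => strlen($stored),   // PASSWORD_BCRYPT always yields 60 characters
        'algorithm' => $info['algoName'],
        'verifies'  => password_verify($password, $stored),
    );
}

$pwd  = 'some_password';                  // constructed sample value
$hash = password_hash($pwd, PASSWORD_BCRYPT);

// Case 1: the hash comes back from storage unchanged.
$cases = array('intact' => $hash);

// Case 2 (constructed): the column is narrower than the hash,
// so only the first 40 characters were stored.
$cases['truncated'] = substr($hash, 0, 40);

foreach ($cases as $label => $stored) {
    $r = diagnose_stored_hash($pwd, $stored);
    printf(
        "%-10s length=%d algorithm=%s verifies=%s\n",
        $label,
        $r['length'],
        $r['algorithm'],
        var_export($r['verifies'], true)
    );
}
```

In the login code, passing `$row['pass']` as the second argument shows the same three fields for the value actually stored in the database.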