无论我在做什么,我只得到密码或用户名是不正确的字符串。出了什么问题?我曾尝试运行php的网站示例,它正在运行,所以我在做什么错误? 这是代码人员:
<?php
include __DIR__.'/includes/database.php';
class Login{
public function validateCredentials($username, $password){
global $mysqli;
$query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';";
$result = $mysqli->query($query);
$row = $result->fetch_array(MYSQLI_NUM);
if(password_verify($row['0'],$password)){return true;}
return false;
}
}
$object = new Login();
if(isset($_POST['username'])&&isset($_POST['password']))
{
if($object->validateCredentials($_POST['username'],$_POST['password']))
{
echo 'Logged in!';
}
else
{
echo 'Password or username incorrect!';
}
}
else
{
echo 'Username or password not entered!';
}
?>
答案 0 :(得分:2)
让我们检查password_verify:
boolean password_verify ( string $password , string $hash )
请参阅 - 第一个参数是密码,第二个参数是哈希。 在您的代码中,反之亦然,您应该使用
if(password_verify($password, $row['0'])){return true;}
答案 1 :(得分:1)
试试这个......
<?php
include __DIR__.'/includes/database.php';
class Login{
public function validateCredentials($username, $password){
global $mysqli;
$query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';";
$result = $mysqli->query($query);
$row = $result->fetch_array(MYSQLI_NUM);
return password_verify($password, $row['0']);
}
}
$object = new Login();
if(isset($_POST['username'])&&isset($_POST['password']))
{
if($object->validateCredentials($_POST['username'],$_POST['password']))
{
echo 'Logged in!';
}
else
{
echo 'Password or username incorrect!';
}
}
else
{
echo 'Username or password not entered!';
}
?>