我正在尝试创建一个用于学习目的的登录注册网站,但我无法使 password_verify 工作。注册工作完美。 login.php中fetched数组的值与数据库中的值相同。数据库连接有效。但是,在调用password_verify函数时,它始终会被拒绝访问。
的index.php
<!DOCTYPE html>
<html>
<!-- Head -->
<head>
<title>Small Content Management System</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
<link href='http://fonts.googleapis.com/css?family=PT+Sans+Narrow' rel='stylesheet' type='text/css'>
</head>
<!-- End head -->
<!-- Body -->
<body>
<div id="login">
<h2>Small CMS</h2>
<form name="login" method="post" action="functions/login.php">
Username:</br>
<input type="text" name="username"></br>
Password:</br>
<input type="password" name="password"></br>
<input type="submit" name="submit" value="Login">
</form>
<span id="register"><a href="register.php">Don't have an account? Register!</a></span>
</div>
</body>
<!-- End Body -->
</html>
register.php
<!DOCTYPE html>
<html>
<!-- Head -->
<head>
<title>Small Content Management System</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
<link rel="stylesheet" type="text/css" href="css/register.css">
<link href='http://fonts.googleapis.com/css?family=PT+Sans+Narrow' rel='stylesheet' type='text/css'>
</head>
<!-- End head -->
<!-- Body -->
<body>
<div id="login">
<h2>Small CMS</h2>
<form name="register" method="post" action="functions/register.php">
Username:</br>
<input type="text" name="username"></br>
E-mail:</br>
<input type="text" name="email"></br>
Password:</br>
<input type="password" name="password"></br>
<input type="submit" name="submit" value="Register">
</form>
<span id="register"><a href="index.php">Already have an account? Login!</a></span>
</div>
</body>
<!-- End Body -->
</html>
的login.php
<?php
include_once '../../db.php';
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if (trim($username) != '' && trim($password) != '') {
$con = new Connection();
$query = $con->db->prepare("SELECT * FROM users WHERE username=?");
$query->bindParam(1, trim($username)) ;
$query->execute();
$res = $query->fetch(PDO::FETCH_ASSOC);
if (password_verify(trim($password), trim($res['password']))) {
echo 'Access granted!';
} else {
echo 'Access denied!';
}
} else {
echo 'Username or password invalid!';
}
}
功能/ register.php
<?php
include_once('../../db.php');
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
// Error message to catch
$err = '';
// Check if user, password and email are empty
if (trim($username) === '') {
$err = 'Invalid username!</br>';
}
if (trim($password) === '') {
$err .= 'Invalid password!</br>';
}
if (trim($email) === '') {
$err .= 'Invalid email!<br>';
}
// Checking if user is already in use
$con = new Connection();
$query = $con->db->prepare('SELECT * FROM users WHERE username=?');
$query->bindParam(1, $username);
$query->execute();
$results = $query->rowCount();
if ($results != 0) {
$err .= 'Username already in use!</br>';
}
// Checking if email is already in use
$con = new Connection();
$query = $con->db->prepare('SELECT * FROM users WHERE email=?');
$query->bindParam(1, $email);
$query->execute();
$results = $query->rowCount();
if ($results != 0) {
$err .= 'Email already in use!</br>';
}
// Inserting new user into database
if ($err === '') {
// Connecting to db
$con = new Connection();
$query = $con->db->prepare("INSERT INTO users(username, password, email) VALUES (?, ?, ?)");
$options = [
'cost' => 12,
];
$new_pass = password_hash($password, PASSWORD_BCRYPT, $options);
$query->bindParam(1, trim($username));
$query->bindParam(2, trim($new_pass));
$query->bindParam(3, trim($email));
$query->execute();
} else {
echo $err;
}
}
答案 0 :(得分:2)
好吧,这是列长,谢谢你的帮助! - Trooper
评论回答。
查看您发布的代码,一切似乎都会结束。
目前我认为的可能性是:
列长度应足够长以容纳哈希值。如果它太短并且存储如此,那么检索将是不可能的。许多人对varchar使用的数字太少了。使用255也将适应未来。
如果是这种情况,您需要重新开始使用新的寄存器/插入。