我在使用password_verify使用密码验证用户时遇到问题。当我使用md5时它运行正常。但它不再起作用了。
我的代码有什么问题(我没有包含会话):
<---php process --->
<?php
$error = array();
$usererr = $passerr = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!isset($_POST['username']) || empty($_POST['username'])) {
$error[] = 'username';
$usererr = "username cannot be empty";
} else {
$preg = $_POST['username'];
if (!preg_match("/^[a-zA-Z]*$/", $preg)) {
$error [] = 'username';
$usererr = "only letters are allowed";
}
}
if (!isset($_POST['password']) || empty($_POST['password'])) {
$error[] = 'password';
$passerr = "password cannot be empty";
}
if (empty($error)) {
//check to see if username and the hashed password exist there
$username = mysql_prep($_POST['username']);
$password = mysql_prep($_POST['password']);
//perform sql query to select all data
$sql = " SELECT * FROM tbl_staff WHERE username = '{$username}' ";
$result = mysqli_query($link, $sql);
confirm_query($result); //confirm query if true
while ($result_set = mysqli_fetch_array($result)) {
if (password_verify($_POST['password'], $result_set['hashed_password'])) {
echo $password;
header("location:staff.php");
} else {
$message = "Username / password combo was not found in the database<br> Please Try again";
}
}
}//end of empty
else {
if (count($error) == 1) {
$post_info = "There was " . count($error) . " error ";
} else {
$post_info = "There were " . count($error) . " error ";
}
}//end of empty error
}//end of request method
?>
html form for login.
<table class = "table">
<tr><td class = "nav"><a href = "staff.php">Return To Menu</a></td>
<td class = "content">
<p><?php
if (!empty($message)) {
echo $message . "<br>";
}
if (!empty($error)) {
foreach ($error as $errors) {
echo"<p>" . " - " . $errors . " field contains error" . "</p>";
}
}
?></p>
<p class="error">*required fields</p>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="post" >
<h1 style="font-size:36px;">Login</h1>
<p align="left" ><br>
<label>Username</label>
<input maxlength="30" name="username" type="text" value="<?php
if (!empty($usererr)) {
echo $_POST['username'];
};
?>"/>
<span class="error">*</span><?php echo $usererr ?></p><br>
<label>
Password</label>
<input name="password" maxlength="30" type="text" value=""/><span class=
"error">*</span><?php echo $passerr ?>
</p>
<p> </p>
<p align="left">
<input name="create" type="submit" value="Login ">
</p>
</form>
</td>
</tr>
</table>
?>
答案 0 :(得分:0)
当我使用md5时,它工作正常。但不再工作
您确定数据库中的密码不是md5&#39>
BTW:您应该使用md5进行安全!< / EM>
编辑:
对于那个BTW部分:不是真的。 MD5从未出于安全考虑。 它是用于验证的。 - Hkan
答案 1 :(得分:0)
如果数据库中的密码哈希当前是MD5,那么这将不起作用。
您的代码似乎是正确的,请确保您的PHP版本是5.5.0或更高。
答案 2 :(得分:0)
不起作用可能是因为语法错误:
}//end of empty
else{
if(count($error)==1){
$post_info = "There was ".count($error)." error ";
}
else {
$post_info = "There were ".count($error)." error ";
}
}//end of empty error
}//end of request method
?> 并在使用php代码后使用。
}//end of empty
else{
if(count($error)==1){
$post_info = "There was ".count($error)." error ";
}
else {
$post_info = "There were ".count($error)." error ";
}
}//end of empty error
}//end of request method
?> // edit it !!
我希望它的工作!!