以下是我到目前为止注册页面登录页面和主页的以下代码。请注意我只发布了php我知道一切正常,除了用户ID会话。我连接到我的数据库,第1行是id,是主键。
<?php
require ("func/insert.php");
if(isset($_POST['Submit']))
{
$first_name = mysqli_real_escape_string($con, $_POST ['first_name']);
$last_name= mysqli_real_escape_string($con, $_POST ['last_name']);
$email= mysqli_real_escape_string($con, $_POST ['email']);
$password= $_POST ['password'];
$StorePassword= password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
$sql = $con->query("INSERT INTO users ( first_name, last_name, email, password)
VALUES ( ' {$first_name} ' , ' {$last_name} ' , ' {$email} ' , ' {$StorePassword} ' )");
header('Location: login.php');
}
?>
<?php require ("func/insert.php"); ?>
<?php
if(isset($_POST['Login']))
{
$email= mysqli_real_escape_string(htmlentities($con, $_POST ['email']));
$password= mysqli_real_escape_string(htmlentities($con, $_POST ['password']));
$result = $con->query(" select * from users where email='$email' AND password='$password' ");
$row = $result->fetch_array(MYSQLI_BOTH);
session_start();
$_SESSION['UserID'] = $row['id']; //thinking this is the problem
header ('Location: home.php');
}
<?php require ("func/insert.php"); ?>
<?php
session_start();
if (isset($_SESSION['UserID'])) {
}
else {
echo "This session is not working.";
}
?>
答案 0 :(得分:0)
看起来您正在再次比较存储和哈希密码的非哈希密码。
在Login.php中 此行设置为您的密码:
$password= mysqli_real_escape_string(htmlentities($con, $_POST ['password']));
然后将其与存储在数据库中的密码进行比较。但是,该密码已经在signup.php
中进行了哈希处理 $StorePassword= password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
尝试登录时对传入密码进行哈希处理。
$TryPassword= password_hash($_POST ['password'], PASSWORD_BCRYPT, array('cost' => 10));
然后是SQL:
$result = $con->query(" select * from users where email='$email' AND password='$TryPassword' ");
在重定向到下一页之前,请确保返回一行进行调试!
print_r($result);