我有一个注册表单,允许用户创建用户名和密码,然后存储在数据库中。
<?php
//values to be inserted in database table
//session_start();
include('connect.php');
//Fixed cost of 10 to fit server req
//Random salt to be added to the pass
$options = [
'cost' => 10,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
$email = $_POST['email'];
$password= password_hash($_POST['password'], PASSWORD_BCRYPT, $options);
$username= $_POST['username'];
$query = "INSERT INTO users (username, email, password) VALUES(?, ?, ?)";
$statement = $mysqli->prepare($query);
//bind parameters for markers, where (s = string, i = integer, d = double, b = blob)
$statement->bind_param('sss', $username, $email, $password);
if($statement->execute()){
print 'Success! ID of last inserted record is : ' .$statement->insert_id .'<br />';
}else{
die('Error : ('. $mysqli->errno .') '. $mysqli->error);
}
$statement->close();
?>
这是我的脚本,用于检查用户输入的用户名和密码是否存在。
<?php
include 'connect.php';
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password does not exist!');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
echo 'You have logged in!';
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
正在输出不正确的用户名和/或密码,所以我假设问题在于我在注册系统中对密码进行了哈希处理,或者它是否只是找不到我正在寻找的详细信息
HTML表单:
<div class="logmod__heading">
<span class="logmod__heading-subtitle">Enter your username and password <strong>to sign in</strong></span>
</div>
<div class="logmod__form">
<form accept-charset="utf-8" action="loggedIn.php" method='POST' class="simform">
<div class="sminputs">
<div class="input full">
<label class="string optional" for="user-name">Username*</label>
<input class="string optional" maxlength="255" id="user-email" placeholder="username" type="username" name='username' size="100" />
</div>
</div>
<div class="sminputs">
<div class="input full">
<label class="string optional" for="user-pw">Password *</label>
<input class="string optional" maxlength="255" id="user-pw" placeholder="Password" type="password" name='password' size="100" />
<span class="hide-password">Show</span>
</div>
</div>
<div class="simform__actions">
<input class="sumbit" name="commit" type="submit" value="Log In" />
<span class="simform__actions-sidetext"><a class="special" role="link" href="#">Forgot your password?<br>Click here</a></span>
</div>
</form>
</div>
答案 0 :(得分:7)
type="username"不是有效的表单元素类型。
将其更改为type="text"
但是,我之前在评论中提到过:
type =“username”使用type =“text” - Fred -ii- 20分钟前
您可能认为“用户名”类型是HTML5语法;它不是。
要查看有效HTML5输入类型列表,请参阅以下链接:
从W3.org页面中拉出:
input元素是用于表示输入控件的多用途元素。 输入元素的详细信息将在以下部分中介绍:
关于使用varchar(60)作为密码列并从password_hash()手册中提取的旁注:
PASSWORD_DEFAULT - 使用bcrypt算法(默认自PHP 5.5.0起)。请注意,此常量旨在随着时间的推移而变化,因为新的和更强大的算法被添加到PHP中。因此,使用此标识符的结果长度可能会随时间而变化。因此,建议将结果存储在数据库列中,该列可以扩展到超过60个字符(255个字符将是一个不错的选择)。