我试图检查输入的密码是否与使用函数的散列密码匹配,但我不确定如何检索散列值并将其分配给变量,以便我可以在登录中的查询中使用它功能。但它给了我他们不匹配的错误。
$login = login($username, $password);
if ($login === false) {
$errors[] = "That username and password combination is incorrect";
} else {
$_SESSION['login'] = $login;
header("Location: profile.php");
}
function hashPass($password) {
$password = password_hash($password, PASSWORD_BCRYPT);
return $password;
}
function verifyPass($username, $password) {
global $conn;
$query = "SELECT userPass FROM users where userName = '$username'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
if (password_verify($password, $row['userPass'])) {
return $row['userPass'];
}
}
} else {
return false;
}
}
function login($username, $password) {
global $conn;
$password = verifyPass($password);
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
return $row['userId'];
}
} else {
return false;
}
}