我正在尝试创建一个登录页面,但是即使我从数据库中输入了正确的信息,它仍然没有找到用户名和密码。
if(isset($_POST['submit'])){
$errMsg = '';
$username = $_POST['username'];
$password = $_POST['password'];
if($username == '')
$errMsg .= 'You must enter your Username<br>';
if($password == '')
$errMsg .= 'You must enter your Password<br>';
if($errMsg == ''){
$conn=new PDO("mysql:host:localhost;dbname=database",'root','');
$stmt = $conn->prepare('SELECT id,username,password FROM admin WHERE username = :username');
$stmt->bindParam(':username', $username);
$stmt->execute();
$stmt = $stmt->fetch(PDO::FETCH_ASSOC);
if(count($stmt) > 0 && password_verify($password, $stmt['password'])){
$_SESSION['username'] = $stmt['username'];
header('location:welcome.php');
exit;
}else{
$errMsg .= 'Username and Password are not found<br>';
}
}
}
答案 0 :(得分:0)
正如你所说:&#34;我手动创建了一个数据库,在表管理员里面我给了用户名root和密码root 36&#34;
password_verify函数验证密码是否与哈希匹配。
但是你传入一个字符串作为password_verify函数的第二个参数。这就是为什么它找不到匹配的原因
您应该使用admin函数将密码保存到password_hash表中作为哈希:
// saving password
password_hash("root 36", PASSWORD_DEFAULT);
...
// verifying password
...
if(count($stmt) > 0 && password_verify($password, $stmt['password'])){
...
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php