我尝试使用PHP和MySQL制作身份验证表单,但它不起作用,我想知道原因。
有没有人可以帮助我?我在先前文件中进行了密码哈希,但它们没有链接。这个是独立的。
谢谢!
<?php
session_start();
function connect_db($host, $port, $db, $username, $password)
{
$pdo = new PDO("mysql:host=$host; port=$port; dbname=$db", $username, $password);
return $pdo;
}
if (isset($_POST["email"]) && isset($_POST["password"]) && !empty($_POST["email"]) && !empty($_POST["password"]))
{
$error_pass= "";
$email = $_POST["email"];
$password = $_POST["password"];
try
{
$pdo = connect_db("localhost", 3306, "*******", "******", "*******");
$sql = $pdo-> prepare("SELECT * FROM users WHERE email = :email AND password = :password");
$sql->bindParam(':email', $email);
$sql->bindParam(':password', $password);
$sql->execute();
$req = $sql->fetch();
echo $req["password"] . "SALUT \n";
var_dump($req["password"]);
if (password_verify($password, $req['password']) == 0) {
session_unset();
$error_pass = "Incorrect email/password";
}
else {
$_SESSION["name"] = $req["name"];
header("Location: index.php", true, 302);
}
}
catch (PDOException $e)
{
echo $e->getMessage();
}
if ($error_pass) {
echo $error_pass;
}
}
else {
echo "Some fields are missing";
}
?>
<!DOCTYPE html>
<html>
<body>
<form method="post" action ="login.php">
<input type="text" name="email">
<input type="text" name="password">
<input type="submit" name="submit" value ="submit">
</form>
</body>
</html>
答案 0 :(得分:2)
从查询中删除密码。您只需通过电子邮件找到用户,然后验证密码是否正确。
abcd ef ghij asf32
fsadf ads adf