密码验证功能不起作用

时间:2016-07-23 05:29:03

标签: php

我在php中创建一个登录/注册系统。 我在密码验证方面遇到了大问题。 我在注册时散列用户的密码,但是password_verify函数不起作用。 在下面的代码中你可以看到我试图得到一个答案是否获得密码...我总是得到“错误”作为答案...      $ email = mysqli_real_escape_string($ con,$ _ POST ['email']);      $ password = mysqli_real_escape_string($ con,$ _ POST ['password']);

  $result=mysqli_query($con,"SELECT * FROM users WHERE   
 email='$email'");
  $count=mysqli_num_rows($result);
  $pass=mysqli_fetch_assoc(result);
  if($count == 1)
     {
       if(password_verify($password,$pass['password']))
       {
       $_SESSION['email']=$email;
       if($checkBox="on")
       {
         setcookie("email",$email,time()+3600);
       }
       header("location: profile.php");
     }

     }
 else {
$error="Error with either the email or the password";
}

2 个答案:

答案 0 :(得分:0)

试试这个

$result=mysqli_query($con, "SELECT count(*) as total FROM users WHERE
    password='$password'");
    $pass=mysqli_fetch_assoc($result);
    $rowcount=mysqli_num_rows($result)
     if ($rowcount >0)) {
         echo "Success";
     }
     else {
         echo "Error";
     }

答案 1 :(得分:0)

在您的查询中,您不能比较密码。因为多个用户可能具有相同的密码。而是使用电子邮件ID获取密码。

$result=mysqli_query($con, "SELECT * FROM users WHERE
email='$email'");

在比较/验证密码之前,请勾选从请求中获得的密码。

$password = mysqli_real_escape_string($con,$_POST['password']);
$password = md5($password); //Or other hash scheme you are using.

所以你的代码就像:

$password = mysqli_real_escape_string($con,$_POST['password']);
$password = md5($password);

$result=mysqli_query($con, "SELECT * FROM users WHERE
email='$email'");
$pass=mysqli_fetch_assoc($result);
if (password_verify($password, $pass['password'])) {
     echo "Success";
}else {
 echo "Error";
}

已编辑的代码

试试这个:

if(isset($_POST['submit']))
{

 $email = mysqli_real_escape_string($con,$_POST['email']);
 $password = mysqli_real_escape_string($con,$_POST['password']);

  $result=mysqli_query($con,"SELECT * FROM users WHERE email='$email'");
  $count=mysqli_num_rows($result);

  if($count == 1)
     {
       $user = mysqli_fetch_assoc($result);
      if (password_verify($password, $user['password'])) {
         echo "Success";
      }else {
        echo "Error";
         $error="Error with either the email or the password";
        die;
      }
       $_SESSION['email']=$email;
       if($checkBox="on")
       {
         setcookie("email",$email,time()+3600);
       }
       header("location: profile.php");

     }
   else {
    $error="Error with either the email or the password";
  }