I am creating a login/registration system in PHP. I am having a big problem with password verification. I hash the user's password at registration, but the password_verify function does not work. In the code below you can see that I am trying to get an answer as to whether the password matches... I always get "Error" as the answer...

    $email = mysqli_real_escape_string($con,$_POST['email']);
    $password = mysqli_real_escape_string($con,$_POST['password']);
    $result=mysqli_query($con,"SELECT * FROM users WHERE email='$email'");
    $count=mysqli_num_rows($result);
    $pass=mysqli_fetch_assoc(result);
    if($count == 1)
    {
        if(password_verify($password,$pass['password']))
        {
            $_SESSION['email']=$email;
            if($checkBox="on")
            {
                setcookie("email",$email,time()+3600);
            }
            header("location: profile.php");
        }
    }
    else {
        $error="Error with either the email or the password";
    }

Answer 0 (score: 0)

Try this

    $result=mysqli_query($con, "SELECT count(*) as total FROM users WHERE password='$password'");
    $pass=mysqli_fetch_assoc($result);
    $rowcount=mysqli_num_rows($result);
    if ($rowcount >0) {
        echo "Success";
    }
    else {
        echo "Error";
    }

Answer 1 (score: 0)

In your query, you cannot compare the password, because multiple users may have the same password. Instead, fetch the password using the email ID.

    $result=mysqli_query($con, "SELECT * FROM users WHERE email='$email'");

Before comparing/verifying the password, check the password obtained from the request.

    $password = mysqli_real_escape_string($con,$_POST['password']);
    $password = md5($password); //Or other hash scheme you are using.

So your code would look like:

    $password = mysqli_real_escape_string($con,$_POST['password']);
    $password = md5($password);
    $result=mysqli_query($con, "SELECT * FROM users WHERE email='$email'");
    $pass=mysqli_fetch_assoc($result);
    if (password_verify($password, $pass['password'])) {
        echo "Success";
    }else {
        echo "Error";
    }

Edited code

Try this:

    if(isset($_POST['submit']))
    {
        $email = mysqli_real_escape_string($con,$_POST['email']);
        $password = mysqli_real_escape_string($con,$_POST['password']);
        $result=mysqli_query($con,"SELECT * FROM users WHERE email='$email'");
        $count=mysqli_num_rows($result);
        if($count == 1)
        {
            $user = mysqli_fetch_assoc($result);
            if (password_verify($password, $user['password'])) {
                // debug output; unless output buffering is on, it must be removed
                // for setcookie() and header() below to work
                echo "Success";
            }else {
                echo "Error";
                $error="Error with either the email or the password";
                die;
            }
            $_SESSION['email']=$email;
            if($checkBox == "on")
            {
                setcookie("email",$email,time()+3600);
            }
            header("location: profile.php");
        }
        else {
            $error="Error with either the email or the password";
        }
    }
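
Added example, not part of the question or of either answer above: password_verify() compares the password exactly as submitted against the stored password_hash() output, so a candidate that was escaped or pre-hashed first no longer matches. It assumes registration used password_hash(), and it uses PDO with an in-memory SQLite table in place of the MySQL users table, a constructed sample account, and addslashes() as a stand-in for mysqli_real_escape_string(); the function names register() and login() are hypothetical.

```php
<?php
// Constructed schema: in-memory SQLite stands in for the MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');

function register(PDO $db, string $email, string $plain): void
{
    // Hash the password exactly as submitted; store only the salted hash.
    $stmt = $db->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
    $stmt->execute([$email, password_hash($plain, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $email, string $plain): bool
{
    // Look the row up by email only; a bound parameter needs no escaping.
    $stmt = $db->prepare('SELECT password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();   // false when no such email exists

    // Unknown email and wrong password give the same result to the caller.
    return is_string($hash) && password_verify($plain, $hash);
}

// Constructed sample account; the quote character makes escaping visible.
$email  = 'alice@example.test';
$secret = "it's-a-secret";
register($db, $email, $secret);

// Candidates that reach password_verify() in different forms.
$cases = [
    'raw password'         => $secret,
    'escaped (addslashes)' => addslashes($secret),  // stand-in for mysqli_real_escape_string()
    'md5 before verify'    => md5($secret),
    'wrong password'       => 'guess',
];

foreach ($cases as $label => $candidate) {
    $ok = login($db, $email, $candidate);
    printf("%-22s %s\n", $label, $ok ? 'Success' : 'Error');
}
```

Only the raw password verifies. The escaped and md5 variants are different strings from the one that was hashed at registration, so they fail in the same way as a wrong password.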