我得到了以下代码,没有任何内容被插入到我的数据库中,我无法弄清楚为什么.. password_needs_rehash()函数在它的正确位置?
我得到了一个测试,我用Javascript警报回显了新生成的内容,它显示了一个新的哈希,但是新哈希没有插入到数据库中。我的逻辑中一定有错误,但我找不到它。
<?php
session_start();
include 'mysqli.php';
$userID = strtolower($_POST['userID']);
$passwordFromForm = $_POST['password'];
$_SESSION['userID'] = $userID;
//Select the password from the requested userID and put into variable
$sql = "SELECT password FROM userdata WHERE userID = '$userID'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$passwordFromDatabase = $row['password'];
$verified = password_verify($passwordFromForm, $passwordFromDatabase);
if($verified == 0){
echo '<meta http-equiv="refresh" content="0; URL=index.php?triedLogin" />';
}else{
if(password_needs_rehash($passwordFromDatabase, PASSWORD_DEFAULT, ['cost' => 14])){
$passwordFromDatabase = password_hash($passwordFromDatabase, PASSWORD_DEFAULT, ['cost' => 14]);
echo "<script>alert('".$passwordFromDatabase."');</script>";
$sql = "INSERT INTO userdata ('password') VALUES ('$passwordFromDatabase')";
//NOW LOGIN WITH NEW PASSWORD
$sql = "SELECT * FROM userdata WHERE userID = '$userID' AND password = '$passwordFromDatabase'";
$result = mysqli_query($conn, $sql);
if(!$row=mysqli_fetch_assoc($result)){
echo '<meta http-equiv="refresh" content="0; URL=index.php?triedLogin" />';
} else {
$_SESSION['ID'] = $row['userID'];
unset($_SESSION['userID']);
echo '<meta http-equiv="refresh" content="0; URL=app/index.php" />';
}
}else{
$sql = "SELECT * FROM userdata WHERE userID = '$userID' AND password = '$passwordFromDatabase'";
$result = mysqli_query($conn, $sql);
if(!$row=mysqli_fetch_assoc($result)){
echo '<meta http-equiv="refresh" content="0; URL=index.php?triedLogin" />';
} else {
$_SESSION['ID'] = $row['userID'];
unset($_SESSION['userID']);
echo '<meta http-equiv="refresh" content="0; URL=app/index.php" />';
}
}
}
?>
答案 0 :(得分:0)
确保您的表字段足够大以容纳该值,因为哈希很长,它会抛出错误,因此没有INSERT。
你应该准备好你的陈述,我很惊讶你没有这样做但你进入密码哈希。