我坚持在php中重置密码。我正在使用password_hash进行注册,使用password_verify进行登录,一切似乎都有效,直到我有了实现重置密码的想法。我的计划当然包括3个字段:oldPassword,newPassword,confirmNewPassword。
首先,我检查oldPassword是否在db中,如果是,则检查2个新密码是否正确,以便在db newpaassword中更新。问题是我可以在我的数据库中更新新的哈希密码,但是当我再次登录时,它无法识别密码而无法登录。我真的不明白为什么。
这是我的代码:
注册(也许它无用但无论如何)
if ($_POST['actiune'] == 'register') {
$firstname = $_POST['firstName'];
$lastname = $_POST['lastName'];
$email = $_POST['email'];
$_SESSION['username'] = $email;
$password = $_POST['password'];
$hash = password_hash($password, PASSWORD_BCRYPT);
$age = $_POST['age'];
$address = $_POST['address'];
if(addUser($firstname, $lastname, $email, $hash, $age, $address)) {
header("Location: index.php?page=profile");
}
else
die("User didnt add in db.");
}
登录:
if($_POST['actiune'] == 'login') {
$email = $_POST['email'];
$password = $_POST['password'];
$pass = getPassword($email);
$verify = password_verify($password, $pass);
if ($verify) {
$_SESSION['username'] = $email;
header("Location: index.php?page=profile");
} else {
header("Location: index.php?page=login&msg=PleaseRegister");
die();
}
}
resetPassword:
if($_POST['actiune'] == 'resetPassword') {
$oldPassword = $_POST['oldPassword'];
$newPassword = $_POST['newPassword'];
$confirmPassword = $_POST["confirmPassword"];
$passwordDb = getPassword($_SESSION['username']);
$verify = password_verify($oldPassword, $passwordDb);
if($verify) {
setPassword($newPassword, $_SESSION['username']);
header("location: index.php?page=profile");
}
}
function setPassword
function setPassword($password, $email) {
include("connectionFile.php");
$hash = password_hash($password, PASSWORD_BCRYPT);
try {
$sql = $conn->prepare("update user set password = '$hash' where email='$email'");
$sql->execute();
} catch(Exception $e) {
echo $e->getMessage();
return false;
}
return true;
}
用于登录的getPassword函数:
function getPassword($email) {
include("connectionFile.php");
$sql = $conn->prepare("select * from user where email='$email'");
$sql->execute();
$result = $sql;
foreach($result as $row) {
$pass= $row['password'];
}
return $pass;
}
答案 0 :(得分:0)
我在评论中写道:
setPassword($newPassword, $_SESSION['username']
你在:
中使用了错误的变量function setPassword($password, $email)
...
password_hash($password,
变量应该是$newPassword
而不是$password
。
你的代码在你password_hash()
完成它的工作后默默地失败了,它只是没有对所述/想要的变量进行散列。
这一点,以及我对你开放SQL注入的其他评论。