登录php

时间:2016-12-30 15:59:39

标签: php mysql login password-hash

我坚持在php中重置密码。我正在使用password_hash进行注册,使用password_verify进行登录,一切似乎都有效,直到我有了实现重置密码的想法。我的计划当然包括3个字段:oldPassword,newPassword,confirmNewPassword。

首先,我检查oldPassword是否在db中,如果是,则检查2个新密码是否正确,以便在db newpaassword中更新。问题是我可以在我的数据库中更新新的哈希密码,但是当我再次登录时,它无法识别密码而无法登录。我真的不明白为什么。

这是我的代码:

注册(也许它无用但无论如何)

if ($_POST['actiune'] == 'register') {
    $firstname = $_POST['firstName'];
    $lastname = $_POST['lastName'];
    $email = $_POST['email'];
    $_SESSION['username'] = $email;
    $password = $_POST['password'];
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $age = $_POST['age'];
    $address = $_POST['address'];

    if(addUser($firstname, $lastname, $email, $hash, $age, $address)) {
        header("Location: index.php?page=profile");
    }
    else
        die("User didnt add in db.");
}

登录:

if($_POST['actiune'] == 'login') {
    $email = $_POST['email'];
    $password = $_POST['password'];
    $pass = getPassword($email);

    $verify = password_verify($password, $pass);
    if ($verify) {
        $_SESSION['username'] = $email;
        header("Location: index.php?page=profile");
    } else {
        header("Location: index.php?page=login&msg=PleaseRegister");
        die();
    }
}

resetPassword:

if($_POST['actiune'] == 'resetPassword') {
    $oldPassword = $_POST['oldPassword'];
    $newPassword = $_POST['newPassword'];
    $confirmPassword = $_POST["confirmPassword"];

    $passwordDb = getPassword($_SESSION['username']);
    $verify = password_verify($oldPassword, $passwordDb);
    if($verify) {
        setPassword($newPassword, $_SESSION['username']);
        header("location: index.php?page=profile");
    }
}

function setPassword 

function setPassword($password, $email) {
    include("connectionFile.php");

    $hash = password_hash($password, PASSWORD_BCRYPT); 
    try {
        $sql = $conn->prepare("update user set password = '$hash' where email='$email'");
        $sql->execute();
    } catch(Exception $e) {
        echo $e->getMessage();
        return false;
    }
    return true;
}

用于登录的getPassword函数:

function getPassword($email) {
    include("connectionFile.php");

    $sql = $conn->prepare("select * from user where email='$email'");
    $sql->execute();
    $result = $sql;
    foreach($result as $row) {
        $pass= $row['password'];
    }
    return $pass;
}

1 个答案:

答案 0 :(得分:0)

我在评论中写道:

setPassword($newPassword, $_SESSION['username']

你在:

中使用了错误的变量 
function setPassword($password, $email)

...

password_hash($password,

变量应该是$newPassword而不是$password

你的代码在你password_hash()完成它的工作后默默地失败了,它只是没有对所述/想要的变量进行散列。

这一点,以及我对你开放SQL注入的其他评论。

相关问题
最新问题