我用
// Registration side: hash once and store the returned string unchanged;
// login later checks it with password_verify(), never by re-hashing.
// A bcrypt hash is 60 characters long, so the column must hold at least that
// (the PHP manual suggests 255 to leave room for future algorithms).
password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
来处理我的注册表单。数据可以正常保存到数据库中,但无法登录。
这是我的登录函数:
/**
 * Login attempt as posted in the question; it never succeeds as written.
 *
 * Looks up a member by username AND password in one query and returns the
 * member id, or false when no row matches.
 *
 * @param string $user     Username as submitted.
 * @param string $password Plain-text password as submitted.
 *
 * @return mixed The matching row's id, or false when rowCount() is 0.
 */
public function Login($user, $password)
{
try {
$db = DB();
// The WHERE clause filters on password=:password and the SELECT names only id,
// so the stored hash is never read back by this statement.
$query = $db->prepare("SELECT id FROM members WHERE user=:user AND password=:password");
$query->bindParam("user", $user, PDO::PARAM_STR);
// NOTE(review): $this->query is not assigned anywhere in this listing; the
// prepared statement is the local $query, which has not been executed yet.
$data = $this->query->single();
// NOTE(review): whatever single() returns, the query above does not select a
// password column, so this value is presumably empty - confirm.
$getpass = $data['password'];
// password_verify() returns a boolean, not a hash.
$passv = password_verify($password, $getpass);
// The boolean is bound as :password, so SQL compares the stored hash with
// true/false and can never match it.
$query->bindParam("password", $passv, PDO::PARAM_STR);
$query->execute();
if ($query->rowCount() > 0) {
$result = $query->fetch(PDO::FETCH_OBJ);
return $result->id;
} else {
return false;
}
} catch (PDOException $e) {
// exit() with a string prints it: the raw PDO error text goes to the HTTP
// response, which can disclose schema or connection details to the client.
exit($e->getMessage());
}
}
编辑:
login.php 文件:
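<?php
// Login form handler: validates the posted fields, asks DemoLib::Login() for
// the member id and stores it in the session on success.

// Start Session
session_start();
// Database connection
require __DIR__ . '/database.php';
$db = DB();
// Application library
// __DIR__ has no trailing slash, so the separator must be part of the literal;
// without it the path resolves to "<dir>inc/functions.php" and the require fails.
require __DIR__ . '/inc/functions.php';
$app = new DemoLib();
// check Login request
if (!empty($_POST['login'])) {
    // A missing or array-valued field is treated as empty instead of reaching
    // trim(), which would raise a warning or a TypeError on such input.
    $user = is_string($_POST['user'] ?? null) ? trim($_POST['user']) : '';
    // NOTE(review): trimming alters passwords that start or end with whitespace;
    // confirm the registration form trims the same way before hashing.
    $password = is_string($_POST['password'] ?? null) ? trim($_POST['password']) : '';
    if ($user === '') {
        echo 'Please enter username.';
    } elseif ($password === '') {
        echo 'Please enter password.';
    } else {
        $id = $app->Login($user, $password); // check user login
        if ($id > 0) {
            // Issue a fresh session id at the privilege change so an id set
            // before login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);
            $_SESSION['id'] = $id; // Set Session
        } else {
            // One message for both unknown user and wrong password, so the
            // response does not reveal which usernames exist.
            echo 'Wrong data.';
        }
    }
}
?>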
答案 0 :(得分:1)
不要在查询中匹配密码:password_hash() 每次都会使用不同的随机盐,同一个密码每次得到的哈希都不同,所以无法在 SQL 中直接比较。要验证密码,应先按用户名取出已保存的哈希,再交给 password_verify() 检查:
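/**
 * Check a username/password pair against the members table.
 *
 * The row is looked up by username only; the stored hash is then checked with
 * password_verify(), because a password_hash() value cannot be matched in SQL.
 *
 * @param string $user     Username as submitted.
 * @param string $password Plain-text password as submitted.
 *
 * @return mixed The member's id on success; false for an unknown user or a
 *               wrong password.
 */
public function Login($user, $password)
{
    try {
        $db = DB();
        // Fetch only the two columns used below; the username is bound as a
        // parameter, never interpolated into the SQL text.
        $query = $db->prepare("SELECT id, password FROM members WHERE user = :user");
        $query->bindValue(":user", $user, PDO::PARAM_STR);
        // execute() only reports success as a boolean; the row comes from fetch().
        $query->execute();
        $row = $query->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return false; // no member with that username
        }
        if (!password_verify($password, (string) $row['password'])) {
            return false; // hash does not match the submitted password
        }
        return $row['id'];
    } catch (PDOException $e) {
        // Keep the driver's message in the server log; the client gets a
        // generic text so schema and connection details are not disclosed.
        error_log($e->getMessage());
        exit('Login is temporarily unavailable.');
    }
}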