我并非100%确定我正确使用PHP密码验证,因为它总是说从表单输入的密码有效。我认为我的代码部分存在问题:
include('../connection/conn.php');
$stmt = $conn->prepare("SELECT * FROM users WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($db_email, $db_password);
$count = $stmt->num_rows;
//password hasing
if ($count == 1)
{
while ($stmt->fetch()) {
if (password_verify($password, $db_password))
{
echo "Sucess";
}
}
}
我会在conn.php文件内容中添加int以防万一有人需要它
<?php
global $conn;
$server = "localhost";
$user = "root";
$password = "";
$db = "loginV2";
$conn = mysqli_connect($server, $user, $password, $db);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
echo "<p id='connection'>True</p>";
}
?>
无论我在表格中输入了什么密码,&#34;成功&#34;回显到是否输入了正确的密码的页面。这是html表单:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]) ?>" method="post" name="input_form" onsubmit="return validateForm()">
<label>Email:</label><br>
<input type="text" name="email">
<p class="error" id="email_Err"><?php echo $emailErr ?></p>
<label>Password:</label>
<input type="password" name="password">
<p class="error" id="password_Err"><?php echo $passwordErr ?></p>
<input type="submit" value="Sign Up">
</form>
我的错误可能很愚蠢,但我已经尝试从PHP手册中学习password_verify和password_hash,据我所知,这段代码应该可行。即使它写得不好,也应该起作用。任何帮助,将不胜感激。感谢。
编辑:
除了我的mqysli_connect之外的所有代码都在一个PHP文件中,并且#34; login.php&#34;。我将在下面插入完整的代码:
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="style.css" >
<link href="https://fonts.googleapis.com/css?family=Nunito:200" rel="stylesheet">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="//code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
<script>
function validateForm()
{
var email = document.forms["input_form"]["email"].value;
var password = document.forms["input_form"]["password"].value;
var valid = true;
if (email == null || email == "")
{
document.getElementById("email_Err").innerHTML = "Email is a required field";
valid = false;
}
if (password == null || password == "")
{
document.getElementById("password_Err").innerHTML = "Password is a required field";
valid = false;
}
if (valid === false)
{
$(function()
{
$( ".form_container" ).effect("shake");
});
}
return valid;
}
$(function()
{
$('.form_container').hide().slideDown('slow');
});
</script>
</head>
<body>
<?php
$email = $password = "";
$emailErr = $passwordErr = "";
$otherErr = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$dataErr = false;
if (empty($_POST["email"]))
{
$emailErr = "Email is a required field";
$dataErr = true;
}
else
{
$email = input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email ";
$dataErr = true;
}
}
if (empty($_POST["password"]))
{
$passwordErr = "Password is a required field";
$dataErr = true;
}
else
{
$password = $_POST["password"];
if (strlen($password) < 8)
{
$passwordErr = "Invalid Entry";
$dataErr = true;
}
}
//Suspected problem here
if (!$dataErr)
{
include('../connection/conn.php');
//Duplicate Check
$stmt = $conn->prepare("SELECT * FROM users WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($db_email, $db_password);
$count = $stmt->num_rows;
//password hasing
if ($count == 1)
{
while ($stmt->fetch()) {
if (password_verify($password, $db_password))
{
echo "Sucess";
}
}
}
}
}
function input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<div class="form_container">
<h2>Login</h2>
<!-- -->
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]) ?>" method="post" name="input_form" onsubmit="return validateForm()">
<label>Email:</label><br>
<input type="text" name="email">
<p class="error" id="email_Err"><?php echo $emailErr ?></p>
<label>Password:</label>
<input type="password" name="password">
<p class="error" id="password_Err"><?php echo $passwordErr ?></p>
<input type="submit" value="Login">
</form>
<?php echo "<p style='text-align: center; color: red;'> " . $otherErr . "</p>" ?>
</div>
</body>
</html>
再次感谢
答案 0 :(得分:0)
我刚刚在自己的数据库上测试了一些东西,发现以下内容适用于我的数据库表:
$conn = mysqli_connect(...blah blah blah);
$email = "my_email_here";
$stmt = $conn->prepare("SELECT email, password FROM my_table_here WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($one, $two);
while ($stmt->fetch()) {
var_dump($one); // my email from database
var_dump($two); // my hashed password from database (looks something like $2y$10$VmfW7/b1t4SVxi7wlxjZmu8...)
}
不确定除了你问题的sql查询之外会有什么区别。
修改
你可以尝试的是:
$password = 'testing';
$hashed = password_hash($password, PASSWORD_DEFAULT);
if (password_verify($password, $hashed) {
echo "password verified";
} else {
echo "not verified";
}
将您的while语句替换为上述代码,并查看回显的内容
答案 1 :(得分:0)
发现错误。 6小时的var_dumps,问题出在conn.php
include('../connection/conn.php');
//Duplicate Check
$stmt = $conn->prepare("SELECT email, password FROM users WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($db_email, $db_password);
$stmt->fetch();
在密码验证密码之前,我们包含conn.php以连接到数据库。这包括我的数据库密码是变量名称作为用户输入密码:
<?php
global $conn;
$server = "localhost";
$user = "root";
// $password is set to nothing
$password = "";
$db = "loginV2";
$conn = mysqli_connect($server, $user, $password, $db);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
echo "<p id='connection'>True</p>";
}
?>
这意味着当执行password_verify时,它正在比较来自conn.php的$ password,这是空白的。更改变量以连接到数据库解决了问题。