在尝试登录会员帐户时出现此错误:
致命错误:未捕获TypeError:password_verify()要求参数2为字符串,在C:\ xampp \ htdocs \ e_id \ login.php中给出null:77
堆栈跟踪:
#0 C:\ xampp \ htdocs \ e_id \ login.php(77):password_verify('密码',NULL)
在第77行的C:\ xampp \ htdocs \ e_id \ login.php中抛出#1 {main}
<?php
/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include 'config.php';
// check if user is already logged in
if (is_logged() === true)
{
//Redirect user to homepage page after 5 seconds.
header("refresh:2;url=home.php");
exit;
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (isset($_POST["login_username_or_email"]) &&
isset($_POST["login_password"]))
{
$username_or_email = trim($_POST["login_username_or_email"]);
$password = $_POST["login_password"];
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
//Select Username or Email to check against Mysql DB if they are
already registered or not.
$stmt = mysqli_stmt_init($conn);
$stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM
users WHERE usernames = ? OR emails = ?");
mysqli_stmt_bind_param($stmt, 'ss', $username,
$email_confirmation);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
*/
if(strpos("$username_or_email", "@") === true)
{
$email = $username_or_email;
$username = "";
$stmt = mysqli_prepare($conn, "SELECT emails FROM users
WHERE emails = ?");
mysqli_stmt_bind_param($stmt, 's', $email);
}
else
{
$username = $username_or_email;
$email = "";
$stmt = mysqli_prepare($conn, "SELECT usernames FROM
users WHERE usernames = ?");
mysqli_stmt_bind_param($stmt, 's', $username);
}
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
printf("%s (%s)\n",$row["usernames"],$row["passwords"]);
var_dump($row);
// Check if inputted Username or Email is registered or not.
if (!$result) // either this paragraph or ...
{
echo Incorrect User Credentials!";
exit;
}
elseif (password_verify($password, $row['passwords']))
{
if($row['accounts_activations_statuses'] == '0')
{
echo "You have not activated your
account yet! Check your email for instructions
.";
exit;
}
}
else
{
//If 'Remember Me' check box is checked then set the
cookie.
//if (isset($_POST['login_remember']) &&
$_post['login_remember'] == "on")
{
setcookie("login_username", $username, time()+
(10*365*24*60*60));
}
else
{
//If Cookie is available then use it to auto log
user into his/her account!
if (isset($_COOKIE['login_username']))
{
setcookie("login_username","","");
}
}
$_SESSION["user"] = $username;
header("location:home.php?user=$username");
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Member Login Page</title>
<meta charset="utf-8">
</head>
<body>
<div class = "container">
<form method="post" action="">
<center><h3><?php $site_name ?> Member Login Form</h3></center>
<div class="text-danger">
<div class="form-group">
<center><label>Username/Email:</label>
<input type="text" placeholder="Enter Username" name="login_username_or_email" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo $_COOKIE["login_username_or_email"]; ?>"</center>
</div>
<div class="form-group">
<center><label>Password:</label>
<input type="password" placeholder="Enter password" name="login_password" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center>
</div>
<div class="form-group">
<center><label>Remember Login Details:</label>
<input type="checkbox" name="login_remember" /></center>
</div>
<div class="form-group">
<center><input type="submit" name="login_submit" value="Login" class="button button-success" /></center>
</div>
<div class="form-group">
<center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="login_password_reset.php">Reset it here!</a></font></center>
<center><font color="red" size="3"><b>Not registered ?</b><br><a href="register.php">Register here!</a></font></center>
</form>
</div>
</body>
</html>
</pre>
答案 0 :(得分:1)
除了所有语法shenanigans之外,您不会从查询中返回密码:
$stmt = mysqli_prepare($conn, "
SELECT usernames FROM users WHERE usernames = ?"
);
所以它将是null
答案 1 :(得分:0)
您还需要从db
获取密码列 if(strpos("$username_or_email", "@") === true)
{
$email = $username_or_email;
$username = "";
$stmt = mysqli_prepare($conn, "SELECT emails,passwords FROM users
WHERE emails = ?"); //<---Add passwords in select
mysqli_stmt_bind_param($stmt, 's', $email);
}
else
{
$username = $username_or_email;
$email = "";
$stmt = mysqli_prepare($conn, "SELECT usernames,passwords FROM
users WHERE usernames = ?"); //<---Add passwords in select
mysqli_stmt_bind_param($stmt, 's', $username);
}