password_verify()期望参数2为字符串

时间:2017-09-16 11:00:37

标签: php

在尝试登录会员帐户时出现此错误:

  

致命错误:未捕获TypeError:password_verify()要求参数2为字符串,在C:\ xampp \ htdocs \ e_id \ login.php中给出null:77
  堆栈跟踪:
  #0 C:\ xampp \ htdocs \ e_id \ login.php(77):password_verify('密码',NULL)
  在第77行的C:\ xampp \ htdocs \ e_id \ login.php中抛出#1 {main}

<?php

/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

include 'config.php';

// check if user is already logged in
if (is_logged() === true) 
    {
        //Redirect user to homepage page after 5 seconds.
        header("refresh:2;url=home.php");
        exit;
    }


    if ($_SERVER['REQUEST_METHOD'] == "POST")
    { 
        if (isset($_POST["login_username_or_email"]) && 
        isset($_POST["login_password"]))
        {
            $username_or_email = trim($_POST["login_username_or_email"]);
            $password = $_POST["login_password"];
            $hashed_password = password_hash($password, PASSWORD_DEFAULT);

            //Select Username or Email to check against Mysql DB if they are 
            already registered or not.
            $stmt = mysqli_stmt_init($conn);

            $stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM 
            users WHERE usernames = ? OR emails = ?");
            mysqli_stmt_bind_param($stmt, 'ss', $username, 
            $email_confirmation);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);

            $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
            */

            if(strpos("$username_or_email", "@") === true)
            {
                    $email = $username_or_email;
                    $username = "";
                    $stmt = mysqli_prepare($conn, "SELECT emails FROM users 
                    WHERE emails = ?");                     
                    mysqli_stmt_bind_param($stmt, 's', $email);
            }
            else
            {
                    $username = $username_or_email;
                    $email = "";
                    $stmt = mysqli_prepare($conn, "SELECT usernames FROM 
                    users WHERE usernames = ?");
                    mysqli_stmt_bind_param($stmt, 's', $username);                  
            }               
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt); 

            $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
            printf("%s (%s)\n",$row["usernames"],$row["passwords"]);
            var_dump($row);

            // Check if inputted Username or Email is registered or not.

            if (!$result) // either this paragraph or ...
            {
                    echo Incorrect User Credentials!";
                    exit;                           
            }
            elseif (password_verify($password, $row['passwords']))
            {
                    if($row['accounts_activations_statuses'] == '0')
                    {
                            echo "You have not activated your 
                            account yet! Check your email for instructions 
                            .";
                            exit;
                    }
            }
            else
            {
                    //If 'Remember Me' check box is checked then set the 
                    cookie. 
                    //if (isset($_POST['login_remember']) && 
                    $_post['login_remember'] == "on")
                    {
                            setcookie("login_username", $username, time()+ 
                            (10*365*24*60*60));
                    }
                    else
                    {
                            //If Cookie is available then use it to auto log 
                            user into his/her account!
                            if (isset($_COOKIE['login_username']))
                            {
                                    setcookie("login_username","","");
                            }
                    }
            $_SESSION["user"] = $username;
            header("location:home.php?user=$username");                             
            }                       
        }
    }

?>

&#13;
&#13;
<!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Member Login Page</title>
  <meta charset="utf-8">
</head>
<body>
<div class = "container">
<form method="post" action="">
<center><h3><?php $site_name ?> Member Login Form</h3></center>
<div class="text-danger">
<div class="form-group">
<center><label>Username/Email:</label>
<input type="text" placeholder="Enter Username" name="login_username_or_email" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo $_COOKIE["login_username_or_email"]; ?>"</center>
</div>
<div class="form-group">
<center><label>Password:</label>
<input type="password" placeholder="Enter password" name="login_password" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center>
</div>
<div class="form-group">
<center><label>Remember Login Details:</label>
<input type="checkbox" name="login_remember" /></center>
</div>
<div class="form-group">
<center><input type="submit" name="login_submit" value="Login" class="button button-success" /></center>
</div>
<div class="form-group">
<center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="login_password_reset.php">Reset it here!</a></font></center>
<center><font color="red" size="3"><b>Not registered ?</b><br><a href="register.php">Register here!</a></font></center>
</form>
</div>
</body>
</html>
</pre>   
&#13;
&#13;
&#13;

2 个答案:

答案 0 :(得分:1)

除了所有语法shenanigans之外,您不会从查询中返回密码:

$stmt = mysqli_prepare($conn, "
  SELECT usernames FROM users WHERE usernames = ?"
);

所以它将是null

答案 1 :(得分:0)

您还需要从db

获取密码列
        if(strpos("$username_or_email", "@") === true)
        {
                $email = $username_or_email;
                $username = "";
                $stmt = mysqli_prepare($conn, "SELECT emails,passwords FROM users 
                WHERE emails = ?"); //<---Add passwords in select                  
                mysqli_stmt_bind_param($stmt, 's', $email);
        }
        else
        {
                $username = $username_or_email;
                $email = "";
                $stmt = mysqli_prepare($conn, "SELECT usernames,passwords FROM 
                users WHERE usernames = ?"); //<---Add passwords in select
                mysqli_stmt_bind_param($stmt, 's', $username);                  
        }