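Here is the code. I think the problem is only with bcrypt, or something in it. Please help me take a look.
md5 is dead now. Sorry, I'm really sorry about this bcrypt.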
<?php
if (isset($_POST['btnLogin']))
{
    $username = $_POST['username'];
    $password2 = password_hash($_POST['password'],PASSWORD_BCRYPT);
    $username = stripslashes($username);
    $username = mysqli_real_escape_string($conn,$username);
    $result=$conn->query("SELECT * FROM admin WHERE USERNAME = '$username'") or die(mysql_error());
    if(!$result){
        echo "<script>alert('Incorrect User.');</script>";
    }
    else if(!$conn)
    {
        die("Could not connect to database.".mysql_error());
    }
    else
    {
        while($row = mysqli_fetch_array($result))
        {
            @$ID = $row['ID'];
            @$FULLNAME = $row['FULLNAME'];
            @$USERNAME = $row['USERNAME'];
            @$PICTURE = $row['PICTURE'];
            @$PASSWORD = $row['PASSWORD'];
            @$USER_TYPE = $row['USER_TYPE'];
            @$ACCESS_TYPE = $row['ACCESS_TYPE'];
        }
    }
    if (@$ACCESS_TYPE == '1' && password_verify($PASSWORD, $password2))
    {
        $_SESSION['ID'] = $ID;
        $_SESSION['FULLNAME'] = $FULLNAME;
        $_SESSION['USERNAME'] = $USERNAME;
        $_SESSION['PICTURE'] = $PICTURE;
        $_SESSION['PASSWORD'] = $PASSWORD;
        $_SESSION['USER_TYPE'] = $USER_TYPE;
        $_SESSION['ACCESS_TYPE'] = $ACCESS_TYPE;
        echo "<script>window.location.href = 'user_log_in.php' </script>";
    }
    elseif (@$ACCESS_TYPE == '2' && password_verify($PASSWORD, $password2))
    {
        $_SESSION['ID'] = $ID;
        $_SESSION['FULLNAME'] = $FULLNAME;
        $_SESSION['USERNAME'] = $USERNAME;
        $_SESSION['PICTURE'] = $PICTURE;
        $_SESSION['PASSWORD'] = $PASSWORD;
        $_SESSION['USER_TYPE'] = $USER_TYPE;
        $_SESSION['ACCESS_TYPE'] = $ACCESS_TYPE;
        echo "<script>window.location.href = 'user_log_in_mod.php'</script>";
    }
    else{
        echo "<script>alert('Incorrect Password!');</script>";
    }
}
?>
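Answer 0 (score: 2)
Remove the @ from your code. Also, personally, I would look at how you write your variables/SQL; camelCase or underscores are what is generally accepted.
Also, unless I'm mistaken, you're not actually calling the database, only setting up the query. Instead of: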
$result=$conn->query("SELECT * FROM admin WHERE USERNAME = '$username'") or die(mysql_error());
I would write (escaping not included, as I usually write my own function for that):
// $username must already be escaped (or bound as a parameter) before this point.
$query = "SELECT * FROM admin WHERE USERNAME = '{$username}' ";
$get_users_query = mysqli_query($connection, $query);
while($row = mysqli_fetch_assoc($get_users_query)){
    $ID = $row['ID'];
    $FULLNAME = $row['FULLNAME'];
    $USERNAME = $row['USERNAME'];
    $PICTURE = $row['PICTURE'];
    $PASSWORD = $row['PASSWORD'];
    $USER_TYPE = $row['USER_TYPE'];
    $ACCESS_TYPE = $row['ACCESS_TYPE'];
    //found_password == matched password in database.
    // password_verify() expects the plain-text password first, then the stored hash.
    if(password_verify($_POST['password'], $PASSWORD)){
        //Do your stuff.
    }
}
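The login check the question is attempting, as an added example that is not part of the original question or answer: the submitted password goes to password_verify() unhashed, and the username is bound through a prepared statement. It assumes PDO with an in-memory SQLite table standing in for the MySQL admin table; the checkLogin() helper and the sample account are hypothetical.

```php
<?php
// Added example (not from the original post). An in-memory SQLite table via PDO
// stands in for the MySQL `admin` table so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (ID INTEGER PRIMARY KEY, USERNAME TEXT UNIQUE,
                               PASSWORD TEXT, ACCESS_TYPE TEXT)');

// Registration time: hash once and store the hash (constructed sample account).
$insert = $db->prepare('INSERT INTO admin (USERNAME, PASSWORD, ACCESS_TYPE) VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_BCRYPT), '1']);

/**
 * Returns the user row (without the hash) on success, or null on any failure.
 */
function checkLogin(PDO $db, string $username, string $password): ?array
{
    // Prepared statement: the username is never concatenated into the SQL.
    $stmt = $db->prepare('SELECT ID, USERNAME, PASSWORD, ACCESS_TYPE FROM admin WHERE USERNAME = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Argument order matters: plain-text input first, stored hash second.
    // Do not call password_hash() on the input here; bcrypt salts every hash,
    // so a fresh hash never equals the stored one.
    if ($row === false || !password_verify($password, $row['PASSWORD'])) {
        return null;
    }
    unset($row['PASSWORD']);   // keep the hash out of the session
    return $row;
}

// Constructed login attempts: valid credentials, bad password, injection string.
var_dump(checkLogin($db, 'alice', 'correct horse') !== null);
var_dump(checkLogin($db, 'alice', 'wrong password') !== null);
var_dump(checkLogin($db, "x' OR '1'='1", 'anything') !== null);

// The pattern from the question: hash the input again, then pass a hash
// where password_verify() expects the plain-text password.
$stored = password_hash('correct horse', PASSWORD_BCRYPT);
$rehash = password_hash('correct horse', PASSWORD_BCRYPT);
var_dump($stored === $rehash);
var_dump(password_verify($stored, $rehash));
```

On a successful login, call session_regenerate_id(true) before writing the returned row into $_SESSION.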