使用PHP和MYSQLi进行BCrypt。我正在尝试登录,但它无法正常工作

时间:2017-10-03 06:02:35

标签: php mysqli

这是代码。我认为问题仅在于bcrypt。或其中的东西请帮我看看。

md5现在已经死了。很抱歉,我很抱歉这个bcrypt。

<?php 
if (isset($_POST['btnLogin'])) 
{

    $username = $_POST['username'];
    $password2 = password_hash($_POST['password'],PASSWORD_BCRYPT);
        $username = stripslashes($username);
        $username = mysqli_real_escape_string($conn,$username);

        $result=$conn->query("SELECT * FROM admin WHERE USERNAME = '$username'") or die(mysql_error());

        if(!$result){
            echo "<script>alert('Incorrect User.');</script>";
            }
        else if(!$conn)
        {
            die("Could not connect to database.".mysql_error());
        }
        else
        {
            while($row = mysqli_fetch_array($result))
            {
                @$ID = $row['ID'];
                @$FULLNAME = $row['FULLNAME'];
                @$USERNAME = $row['USERNAME'];
        @$PICTURE = $row['PICTURE'];
                @$PASSWORD = $row['PASSWORD'];
                @$USER_TYPE = $row['USER_TYPE'];
                @$ACCESS_TYPE = $row['ACCESS_TYPE'];
            }
            }
      if (@$ACCESS_TYPE == '1' && password_verify($PASSWORD, $password2)) 
      {
         $_SESSION['ID'] = $ID;
         $_SESSION['FULLNAME'] = $FULLNAME;
         $_SESSION['USERNAME'] = $USERNAME;
         $_SESSION['PICTURE'] = $PICTURE;
         $_SESSION['PASSWORD'] = $PASSWORD;
         $_SESSION['USER_TYPE'] = $USER_TYPE;
         $_SESSION['ACCESS_TYPE'] = $ACCESS_TYPE;

         echo "<script>window.location.href = 'user_log_in.php' </script>";      
      }
        elseif (@$ACCESS_TYPE == '2' && password_verify($PASSWORD, $password2))
      {
         $_SESSION['ID'] = $ID;
         $_SESSION['FULLNAME'] = $FULLNAME;
         $_SESSION['USERNAME'] = $USERNAME;
         $_SESSION['PICTURE'] = $PICTURE;
         $_SESSION['PASSWORD'] = $PASSWORD;
         $_SESSION['USER_TYPE'] = $USER_TYPE;
         $_SESSION['ACCESS_TYPE'] = $ACCESS_TYPE;

         echo "<script>window.location.href = 'user_log_in_mod.php'</script>";      
      }
      else{
        echo "<script>alert('Incorrect Password!');
               </script>";       
      }

}
?>

1 个答案:

答案 0 :(得分:2)

从代码中删除@。另外,就个人而言,我会看你如何利用你的变量/ sql,你通常会接受使用camelCase或下划线。

另外,除非我弄错了,否则你实际上并没有调用数据库,只是设置了查询。 而不是:

$result=$conn->query("SELECT * FROM admin WHERE USERNAME = '$username'") or die(mysql_error());

我会写(不包括转义,因为我通常会为此编写自己的函数):

 $query = "SELECT * FROM admin WHERE USERNAME = '{$username}' ";
 $get_users_query = mysqli_query($connection, $query);
 while($row = mysqli_fetch_assoc($get_users_query)){
    $ID = $row['ID'];
    $FULLNAME = $row['FULLNAME'];
    $USERNAME = $row['USERNAME'];
    $PICTURE = $row['PICTURE'];
    $PASSWORD = $row['PASSWORD'];
    $USER_TYPE = $row['USER_TYPE'];
    $ACCESS_TYPE = $row['ACCESS_TYPE'];

    //found_password == matched password in database.
    if(password_verify($password2, $PASSWORD)){
    //Do your stuff.
        }
    }
相关问题
最新问题