因此,在我的注册表单的PHP文件中,password_hash将0返回到数据库中。这是正常的吗?早些时候,当我创建一个类似的注册表单时,密码列中的文本是一堆字母和数字,所以我不确定这是否正确。此外,在创建登录表单时,即使我确定密码正确,密码也始终返回false。
简单地说,是因为我的PHP登录表单没有验证正确的密码,因为注册中的哈希密码错误为“0”或代码中的其他错误?
以下是注册表单的PHP代码的相关部分:
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//hashing password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//add user to db
$sql = "INSERT INTO users (name, class, email, username, password) VALUES ('$name', '$class', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../welcome.php?signup=success");
exit();
以下是登录表单的相关部分,其中密码始终返回false:
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$sql = "SELECT * FROM users WHERE username='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?login=user");
exit();
}else{
if($row = mysqli_fetch_assoc($result)){
//De-hashing the password
$hashedPwdCheck = password_verify($pwd, $row['password']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=pass");
exit();
} elseif($hashedPwdCheck == true){
//logged in here
$_SESSION['u_name'] = $row['name'];
$_SESSION['u_class'] = $row['class'];
$_SESSION['u_email'] = $row['email'];
$_SESSION['u_uid'] = $row['username'];
header("Location: ../index.php?login=success");
exit();
}
}
}
答案 0 :(得分:0)
为什么使用mysql_real_escape_string来清除发布的数据? 首先,检查发布的密码是否正确。如果没问题,那么为插入查询创建hash,aftet escape。