我已经用HTML和PHP和MySQL制作了一个基本的登录和注册表单... 通过注册用户我散列密码并在登录用户时,我无法解密密码。我也使用了password_verify函数,但它似乎不起作用.... 我该怎么办???
这是我的代码(登录脚本): -
<?php
session_start();
if (isset($_POST['Register'])) {
include 'dbh.inc.php';
$Username = mysqli_real_escape_string($conn, $_POST['Username']);
$Password = mysqli_real_escape_string($conn, $_POST['Password']);
//ERROR HANDLING
if (empty($Username) || empty($Password)) {
header("Location: ../index.php?login=empty");
exit();
} else{
$sql = "SELECT * FROM users WHERE username='$Username' OR email='$Username'";
$result = mysqli_query($conn, $sql);
$resultcheck = mysqli_num_rows($result);
if ($resultcheck < 1) {
header("Location: ../index.php?login=failure1");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
//DEHASHING PASSWORD
$hashedpwdCheck = password_verify($Password, $row["password"]);
if ($hashedpwdCheck == false) {
header("Location: ../index.php?login=failure2");
exit();
} elseif ($hashedpwdCheck == true) {
//LOGINING IN THE USER
$_SESSION['username'] = $row[$Username];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=failure3");
exit();
}
这是注册表格: -
<?php
if (isset($_POST['Register'])) {
include_once 'dbh.inc.php';
$First = mysqli_real_escape_string($conn, $_POST['FName']);
$Last = mysqli_real_escape_string($conn, $_POST['LName']);
$Email = mysqli_real_escape_string($conn, $_POST['Email']);
$Email2 = mysqli_real_escape_string($conn, $_POST['Email2']);
$UName = mysqli_real_escape_string($conn, $_POST['UName']);
$Password = mysqli_real_escape_string($conn, $_POST['Password']);
$Password2 = mysqli_real_escape_string($conn, $_POST['Password2']);
$Date = date("Y-m-d");
//ERROR HANDLING
//CHECKING FOR EMPTY FIELDSif
if (empty($First) || empty($Last) || empty($Email) || empty($Email2) || empty($UName) || empty($Password) || empty($Password2)) {
header("Location: ../index.php?signup=empty");
exit();
} else {
//CHECKING IS INPUT IS VALID
if (!preg_match("/^[a-zA-Z]*$/", $First) || !preg_match("/^[a-zA-Z]*$/", $Last)) {
header("Location: ../index.php?signup=invalid");
exit();
} else {
//VALIDATING Email
if (!filter_var($Email, FILTER_VALIDATE_EMAIL) || !filter_var($Email2, FILTER_VALIDATE_EMAIL)) {
header("Location: ../index.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE username='$UName'";
$result = mysqli_query($conn, $sql);
$resultcheck = mysqli_num_rows($result);
if ($resultcheck > 0) {
header("Location: ../index.php?signup=user_taken");
exit();
} else {
//HASHING Password
$hashpwd = password_hash($Password, PASSWORD_DEFAULT);
//INSERTING USER INTO DATABASE
$sql = "INSERT INTO users (first_name, last_name, email, username, password, date_signup) VALUES ('$First', '$Last', '$Email', '$UName', '$hashpwd', '$Date');";
mysqli_query($conn, $sql);
header("Location: ../index.php?signup=success");
echo '<script>alert("Registration Done")</script>';
exit();
}
}
}
}
} else{
header("Location: ../index.php");
exit();
}
注册表格完美无缺,但登录无效