获取不正确的密码

时间:2018-05-31 10:27:18

标签: php sql

我无法弄清楚为什么我的密码输出不正确,我的注册页面工作正常。我每次尝试登录时都会在我的网址中显示登录名=密码错误。我试图在网上找出所有可能的问题但没有任何帮助我。

<entity>
  <id>id-2</id>
  <name>pub-2</name>
  <series name="s-21">s-21</series>
  <series name="s-22">s-22</series>  
  <series name="s-23">s-23</series>  
  <location>loc-1</location>
  <location>loc-2</location>    
</entity>

这是我的注册码它工作完全正常,我在这段代码中没有看到任何错误,所以如果你看到任何请帮帮我

    <?php 
    session_start();

      if(isset($_POST['submit'])){

    include_once 'dbt.inc.php';

    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);

    //error handlers
    if(empty($username) || empty($password)){
        header("Location: ../main_login.php?login=empty");
        exit();
    }
    else{
        $sql = "SELECT * FROM users WHERE user_username = '$username'";
        $run = mysqli_query($conn, $sql);
        $result = mysqli_num_rows($run);

        if ($result < 1) {
            header("Location: ../main_login.php?login=error");
            exit(); 
        }
        else{
            if ($row = mysqli_fetch_assoc($run)) {
                $hashedpasswordcheck = password_verify($password, $row['user_password']);
                if ($hashedpasswordcheck == false) {
                    header("Location: ../main_login.php?login=incorrect password");
                    exit();
                }
                elseif($hashedpasswordcheck == true){
                    //log in user
                    $_SESSION['user_id'] = $row['user_id'];
                    $_SESSION['user_first'] = $row['user_first'];
                    $_SESSION['user_last'] = $row['user_last'];
                    $_SESSION['user_email'] = $row['user_email'];
                    $_SESSION['user_username'] = $row['user_username'];
                    $_SESSION['user_password'] = $row['user_password'];
                    header("Location: ../main_login.php?login=success");
                    exit();

                }
            }
        }

    }
}
           else{
          header("Location: ../main_login.php?login=error");
         exit();
}



 ?>

2 个答案:

答案 0 :(得分:0)

您的注册码中的hashed_pa​​ssword变量后面有空格。

'$username','$hashed_password ')";

答案 1 :(得分:-1)

我看到......你使用password_hash ....只需用$ hash = hash(sha512,$ password)替换每个密码哈希。你也可以添加一些盐,但我不推荐,因为它不太可能是相同的密码..此外,如果你想要双重哈希它的安全性。谁也会为激活插入值1?你需要在注册的sql查询中在激活列中插入1,否则不会工作。在转义密码字符串之前...将其散列为转义...

解决方案:-(适合我)        signup.php 

    $first = mysqli_real_escape_string($conn, $_POST['first']);
    $last = mysqli_real_escape_string($conn, $_POST['last']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password1 = strip_tags($_POST['password']);
    $hashed_password = password_hash($password1, PASSWORD_DEFAULT);
    $password = mysqli_real_escape_string($conn, $hashed_password);
相关问题
最新问题