我试图在php文件中为我创建的迷你博客创建密码哈希,我已经到了用户注册时新用户密码被哈希处理的阶段,但是当我测试新用户登录,我收到错误的密码错误。这是代码: -
<?php
//require the public header which starts a session and connects to the database
require('header_public.php');
//3. If the form is submitted or not.
//3.1 If the form is submitted
if (isset($_POST['username']) and isset($_POST['password'])){
//3.1.1 Assigning posted values to variables.
$username = db_escape($con, $_POST['username']);
$password = db_escape($con, $_POST['password']);
//3.1.2 Checking the values are existing in the database or not
$query = "SELECT * FROM user WHERE username='$username'";
$result = mysqli_query($con, $query) or die(mysqli_error($con));
$resultPassword = mysqli_query($con, $query) or die(mysqli_error($con));
$count = mysqli_num_rows($result);
//getting the hashed password from the database
while ($row=mysqli_fetch_array($resultPassword)){
$hashPassword = $row['password'];
}
//3.1.2 If the posted values are equal to the database values, then session will be created for the user.
if ($count == 1 && password_verify($password, $hashPassword)){
$_SESSION['username'] = $username;
//Get the user type for use in other areas of the site
while ($row=mysqli_fetch_array($result)){
$admin = $row['admin'];
}
//assign userid to session array
$_SESSION['admin'] = $admin;
}else{
//3.1.3 If the login credentials doesn't match, he will be shown with an error message.
$fmsg = "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
//$username = $_SESSION['username'];
echo "Welcome back " . $username;
echo " </br> You will be redirected to the members area in less than 5 seconds";
header( "Refresh:3; summary_page.php");
echo "</br> <a href='logout.php'>Logout</a>";
}else{
//3.2 When the user visits the page first time, simple login form will be displayed.
?>
感谢有人提供的任何指导。我认为这个问题与使用用户名启动新会话有关,但无法确定