使用以下代码加密数据库中的密码:
$pas = $_POST['password'];
$pass = password_hash($pas, PASSWORD_BCRYPT);
在solucioncontroller.php中的我尝试验证加密的密码,但它不起作用
class solucionController {
include_once 'model/solucion.php';
public function Login()
{
$solucion = new solucion();
if (isset($_POST["login"]) && isset($_POST["password"]))
{
$login = htmlentities(addslashes($_POST["login"]));
$password = htmlentities(addslashes($_POST["password"]));
$solucion = $this->model->Logeo($login, $password);
$pass= $this->model->getpass();
if (password_verify($password, $pass)&&$solucion == 1)
{
setcookie('usuario', $login, time() + 3600);
session_start();
$_SESSION["Usuario"] = $login;
header("Location: view/header.php");
header("Location: view/solucion/solucion.php");
header("Location: view/Footer.php");
}
}
header('Location: index.php');
return;
}
}
在模型solucion.php中我搜索在登录视图中输入的用户和密码
class solucion {
public $res;
public function Logeo($login, $pass)
{
try {
$sql = "SELECT * FROM logeo WHERE usuario = :login AND pass = :password";
$resultado = $this->pdo->prepare($sql);
$resultado->bindValue(":login", $login);
$resultado->bindValue(":password", $pass);
$resultado->execute();
$numero_registro = $resultado->rowCount();
if ($numero_registro != 0)
{
return 1;
}
$this->res = $resultado->fetch(PDO::FETCH_ASSOC);
} catch (Exception $e) {
die($e->getMessage());
}
}
}
public function getpass(){
return $this->res['pass'];
}
登录视图中的是输入用户名和密码的表单
<?php
if(isset($_COOKIE['usuario'])){
require 'view/solucion/solucion.php';
}
else{
?>
<a class="btn btn-success pull-right" href="?c=solucion&a=Invitado">Invitado</a>
<h1>Introduce tus datos</h1>
<form action="?c=solucion&a=Login" method="post">
<div class="container">
<label for="login"><b>Username</b></label>
<input type="text" placeholder="Ingrese usuario" name="login" required>
<label for="password"><b>Password</b></label>
<input type="password" placeholder="Ingrese Contraseña" name="password" required>
<button type="submit">Login</button>
</div>
</form>
<?php }?>
输入用户名和密码时,数据将被删除,我将保留在登录视图中
答案 0 :(得分:1)
您应该使用usuario
来获取数据,而不是使用数据库中的usuario
和pass
。因为保存在数据库中的密码是哈希的,不能与用户输入的简单文本密码进行比较。更改型号代码如下:
class solucion {
public $res;
public function Logeo($login, $pass) {
try {
$sql = "SELECT * FROM logeo WHERE usuario = :login";
$resultado = $this->pdo->prepare($sql);
$resultado->bindValue(":login", $login);
$resultado->execute();
$numero_registro = $resultado->rowCount();
if ($numero_registro != 0) {
return 1;
}
$this->res = $resultado->fetch(PDO::FETCH_ASSOC);
} catch (Exception $e) {
die($e->getMessage());
}
}
}
public function getpass() {
return $this->res['pass'];
}
还需要从请求中获取密码:
$password = $_POST["password"];
而不是
$password = htmlentities(addslashes($_POST["password"]));