Question

嗨，我正在尝试验证登录页面中的一种情况，即如果我的密码是更改我，那么我想抛出一条错误消息，要求您单击以下链接来更改您的密码：不是，我会将它们重定向到仪表板。

所以我写了写条件，但是如果密码不是更改我，也会发生错误消息

这是我的代码：

 if (isset($_POST['signin'])) {

        global $DB;

        $username = $_POST['username'];
        $password = $_POST['password'];
        echo $password;
        //exit;
        $sql = "SELECT * FROM {user}  where username = ?";

        if ($user = $DB->get_record_sql($sql, array($username))) {
            echo $user->password;
            //exit;
            if (password_verify($password, $user->password)) {
                if(password_verify($password!='changeme',$user->password!='changeme')){
                  if ($user->trackforums == 1) {
                    complete_user_login($user);
                    \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
                    $userauth = get_auth_plugin($USER->auth);

                    $DB->set_field('user', 'firstaccess', date('YmdHis'), array('id' => $user->id));
                    $_SESSION['username'] = $user->username;
                    $_SESSION['firstname'] = $user->firstname;
                    $_SESSION['idnumber'] = $user->idnumber;
                    $_SESSION['id'] = $user->id;
                    $_SESSION['clientid'] = $user->clientid;
                    $_SESSION['maildigest'] = $user->maildigest;
                    $_SESSION['skype'] = $user->skype;
                    $_SESSION['can_access'] = true;
                    $_SESSION['mnethostid'] = 1;
                    $_SESSION['confirmed'] = 1;

                    if (!empty($_POST["remember"])) {
                        setcookie("member_login", $_POST["username"], time() + (10 * 365 * 24 * 60 * 60));
                        setcookie("password", $_POST["password"], time() + (10 * 365 * 24 * 60 * 60));
                    } else {
                        if (isset($_COOKIE["member_login"])) {
                            setcookie("member_login", "");
                        }
                        if (isset($_COOKIE["password"])) {
                            setcookie("password", "");
                        }
                    }

                    if ($user->idnumber == '3')
                        header('location:course.php');
                    elseif ($user->idnumber == '2')
                        header('location:course.php');
                    else
                        header('location:course.php');
                }

                else {
                    ?>
                    <div class="alert alert-danger">
                        <strong> Sorry, User has been Deactivated. Contact Administrator</strong>
                    </div>
                    <?php
                }
            }
                else {
                    ?>
                    <div class="alert alert-primary">
                        <strong>Please change your password!By clicking this link <a style="color:black" href="forgot-password.php">Click Here</a></strong>
                    </div>
                    <?php
                }
            } else {
                ?>
                <div class="alert alert-danger">
                    <strong> Sorry, wrong password.</strong>
                </div>
                <?php
            }
        } else {
            ?>
            <div class="alert alert-danger">
                <strong> Sorry, wrong username.</strong>
            </div>
            <?php
        }
    }

谁能帮助我代码中的错误？

谢谢。

Answer 1

password_verify将两个参数都设为string，而不是bool。您正在第二bool中将它们作为password_verify传递。在下面的行$password != 'changeme'和$user->password != 'changeme'中，两个表达式都将返回bool。

if (password_verify($password != 'changeme', $user->password != 'changeme'))

我认为，上面的代码行应该像这样：

if ($password != 'changeme')

如果密码中的条件验证条件在php中无法正常工作

1 个答案: