Question

我不知道这是怎么发生的，因为以前我的登录密码工作得很好，现在我发现它以明文形式在phpmyadmin中显示密码。我什么都没碰，所以我很困惑现在该怎么办。

我不确定错误在哪里，但是我添加了我的 register.php 页面，并删除了我所知道的大部分代码不是问题，因此大部分是我为密码代码编写的内容：< / p>

<?php

$password = $mysqli->escape_string
            (password_hash($_POST['password'], PASSWORD_BCRYPT));

$password = trim($_POST['password']);
    $password = strip_tags($password);

$password2 = trim($_POST['password2']);
    $password2 = strip_tags($password2);

if (empty($password)){
        $error = true;
        $_SESSION['message'] = "Please enter password.";
        header("location: error.php");
    } else if(strlen($password) < 6) {
        $error = true;
        $_SESSION['message'] = "Password must have atleast 6 characters.";
        header("location: error.php");
    } else if ($password != $password2) {
        $error = true;
        $_SESSION['message'] = "Please check if both password fields match.";
        header("location: error.php");
    } else if ($password == $user_name && $password2 == $user_name) {
        $error = true;
        $_SESSION['message'] = "Please check that your 
                                password is not the same as username.";
        header("location: error.php");
    }

if( !$error ) {

        $result = $mysqli->query("SELECT * FROM users WHERE email='$email'") 
                                or die($mysqli->error());

        if ( $result->num_rows > 0 ) {

            $_SESSION['message'] = 'User with this email already exists!';
            header("location: error.php");

        }
        else {

            $sql = "INSERT INTO users (first_name, user_name, 
                                      email, password, hash) ".
                                      "VALUES ('$first_name','$user_name',
                                      '$email','$password', '$hash')";

在我的 login.php 页面上，这是我收到的实际错误，提示密码错误：

<?php

$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");

if ( $result->num_rows == 0 ){
    $_SESSION['message'] = "User with that email doesn't exist!";
    header("location: error.php");
}
else {
    $user = $result->fetch_assoc();

    if ( password_verify($_POST['password'], $user['password']) ) {

        $_SESSION['email'] = $user['email'];
        $_SESSION['first_name'] = $user['first_name'];
        $_SESSION['user_name'] = $user['user_name'];
        $_SESSION['active'] = $user['active'];

        $_SESSION['logged_in'] = true;

        header("location: profile.php");
    }
    else {
        $_SESSION['message'] = "You have entered wrong password, try again!";
        header("location: error.php");
    }
}

Answer 1

您正在重置$password变量

<?php
//Change this to $password_encrypted
$password = $mysqli->escape_string
            (password_hash($_POST['password'], PASSWORD_BCRYPT));

$password = trim($_POST['password']);//This is overriding the above $password
    $password = strip_tags($password);

尝试将第一个$password更改为$password_encrypted之类的内容，然后在SQL语句中使用它

$sql = "INSERT INTO users (first_name, user_name, 
                                  email, password, hash) ".
                                  "VALUES ('$first_name','$user_name',
                                  '$email','$password_encrypted', '$hash')";

我也没有注意到在您提供的代码中设置了$hash变量，我认为这是在其他地方设置的吗？

PHP密码无法加密，并在数据库内部以明文显示

1 个答案: