password_verify哈希密码

时间:2018-10-18 03:15:34

标签: php

我有一个管理页面,它将插入用户ID,密码,角色。管理员插入新用户后,密码将为哈希。它工作正常,但是当我尝试使用哈希密码登录时,它将弹出“无效的用户或密码”。可能是因为我将password_verify编码放在错误的位置。有人可以帮我!

下面是我的编码

login.php

<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "","company");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($connection, $username);
$password = mysqli_real_escape_string($connection, $password);

// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query($connection, "select * from login where password='$password' AND username='$username'");
$row=mysqli_fetch_assoc($query);
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$pwdCheck = password_verify($password,$row['password']); $_SESSION['user']=array(
   'username'=>$row['username'],
   'password'=>$row['password'],
   'role'=>$row['role']
   );
   $role=$_SESSION['user']['role'];
   //Redirecting User Based on Role
    switch($role){

 case 'user':
if ($pwdCheck == true)          
  header("location: index.php"); // Redirecting To Other Page
  break;

  case 'admin':
if ($pwdCheck == true)          
  header("location: adminindex.php"); // Redirecting To Other Page
  break;

 }
}
else {
$error = "Username or Password is invalid";
}   
mysqli_close($connection); // Closing Connection
}
}
?>

crud_include.php(管理员插入新用户)

if (isset($_POST['save'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        $role = $_POST['role'];

        $hashedPwd = password_hash($password, PASSWORD_DEFAULT);

        mysqli_query($db, "INSERT INTO login (username, password,role) VALUES ('$username', '$hashedPwd','$role')"); 
        $_SESSION['message'] = "Successfully saved!"; 
        header('location: crud.php');
    }

数据库(哈希工作正常,但我无法使用该用户登录

enter image description here

1 个答案:

答案 0 :(得分:1)

更改您的选择查询:在这种情况下,仅使用用户名

<?php 
$username=$_POST['username'];
$password=$_POST['password'];
$query = mysqli_query($connection, "select * from login WHERE username='$username'");
$row=mysqli_fetch_assoc($query);
$rows = mysqli_num_rows($query);
if ($rows == 1) {
    if (password_verify($password, $row['password'])) {
        echo 'Password is valid!';
        if($role=$_SESSION['user']['role'] == 'user'){
             header("location: index.php");
        }elseif($role=$_SESSION['user']['role'] == 'admin'){
            header("location: adminindex.php");
        }
    } else {
        $error = "Password is invalid";
    }
}else{
    $error = "Username is invalid";
}
?>

希望它会对您有所帮助。 Here the the link for the hash password verified