我一直在遵循教程,以便为基于Android的应用程序创建登录名,但是在加密密码后,我无法获得身份验证用户。几天来我一直在寻找解决问题的方法,但是仍然没有运气。我希望我错过了一些简单的事情。
视频6(播放列表中的最后一个视频)的评论中也有很多人和我有同样的问题。
GitHub Repository for tutorial
任何支持将不胜感激,谢谢您!
Register.php
<?php
require("password.php");
$connect = mysqli_connect("localhost", "", "", "");
$name = $_POST["name"];
$email = $_POST["email"];
$username = $_POST["username"];
$password = $_POST["password"];
function registerUser() {
global $connect, $name, $username, $email, $password;
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$statement = mysqli_prepare($connect, "INSERT INTO user (name, username, email, password) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "ssss", $name, $username, $email, $passwordHash);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
}
function usernameAvailable() {
global $connect, $username;
$statement = mysqli_prepare($connect, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
$count = mysqli_stmt_num_rows($statement);
mysqli_stmt_close($statement);
if ($count < 1){
return true;
}else {
return false;
}
}
$response = array();
$response["success"] = false;
if (usernameAvailable()){
registerUser();
$response["success"] = true;
}
print_r(json_encode($response));
?>
Login.php
<?php
require("password.php");
$con = mysqli_connect("localhost", "", "", "");
$username = $_POST["username"];
$password = $_POST["password"];
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $passwordHash);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $UserID, $Name, $Username, $Email, $PasswordHash);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
$response["name"] = $name;
$response["email"] = $email;
$response["username"] = $username;
$response["password"] = $password;
}
echo json_encode($response);
?>
LoginRequest.java
package com.###########;
import com.android.volley.Response;
import com.android.volley.toolbox.StringRequest;
import java.util.HashMap;
import java.util.Map;
public class LoginRequest extends StringRequest {
private static final String LOGIN_REQUEST_URL = "http://....................../login.php";
private Map < String, String > params;
public LoginRequest(String username, String password, Response.Listener < String > listener) {
super(Method.POST, LOGIN_REQUEST_URL, listener, null);
params = new HashMap < > ();
params.put("username", username);
params.put("password", password);
}
@Override
public Map < String, String > getParams() {
return params;
}
}
LoginActivity.java
package com.###########;
import android.content.Intent;
import android.support.v7.app.AlertDialog;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
import com.android.volley.RequestQueue;
import com.android.volley.Response;
import com.android.volley.toolbox.Volley;
import org.json.JSONException;
import org.json.JSONObject;
public class LoginActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);
final EditText etUsername = (EditText) findViewById(R.id.etUsername);
final EditText etPassword = (EditText) findViewById(R.id.etPassword);
final Button bLogin = (Button) findViewById(R.id.bLogin);
final TextView registerLink = (TextView) findViewById(R.id.tvRegisterHere);
registerLink.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
Intent registerIntent = new Intent(LoginActivity.this, RegisterActivity.class);
LoginActivity.this.startActivity(registerIntent);
}
});
bLogin.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
final String username = etUsername.getText().toString();
final String password = etPassword.getText().toString();
Response.Listener<String> responseListener = new Response.Listener<String>() {
@Override
public void onResponse(String response) {
try {
JSONObject jsonResponse = new JSONObject(response);
boolean success = jsonResponse.getBoolean("success");
if (success){
String name = jsonResponse.getString("name");
String email = jsonResponse.getString("email");
Intent intent = new Intent(LoginActivity.this, UserAreaActivity.class);
intent.putExtra("name", name);
intent.putExtra("username", username);
intent.putExtra("email", email);
LoginActivity.this.startActivity(intent);
}
else {
AlertDialog.Builder builder = new AlertDialog.Builder(LoginActivity.this);
builder.setMessage("Login Failed")
.setNegativeButton("Retry", null)
.create()
.show();
}
} catch (JSONException e) {
e.printStackTrace();
}
}
};
LoginRequest loginRequest = new LoginRequest(username, password, responseListener);
loginRequest.setShouldCache(false); // Disables Caching for Volley so that multiple login requests can be submitted.
RequestQueue queue = Volley.newRequestQueue(LoginActivity.this);
queue.add(loginRequest);
}
});
}
}
答案 0 :(得分:2)
在login.php中,您应该更改以下内容:
//$passwordHash = password_hash($password, PASSWORD_DEFAULT); remove
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
每次对密码进行哈希处理时,它都会创建一个唯一的哈希值(由于每次运行该函数时都会生成randonly的salt),因此,当您登录并进行哈希处理时,将永远不会得到匹配。您应该改用password_verify()
从查询中检索到密码后,即可进行验证:
password_verify($password, $response['password']);