!password_verify()没有返回正确的布尔值。即使在我的登录页面中输入正确的用户密码,它仍然会进入if语句并显示错误消息。我已将散列和未散列的密码存储在MY SQL表中进行检查,但在两种情况下均无法正常工作。
<?php
include('database_connection.php');
include('helper.php');
session_start();
$errors = array();
$username = ((isset($_POST['username']))?
sanitize($_POST['username']):'');
$username = trim($username);
$password = ((isset($_POST['password']))?
sanitize($_POST['password']):'');
$password = trim($password);
if(isset($_SESSION['user_id'])){
header('Location: index.php');
}
if(isset($_POST['login'])){
if(empty($_POST['username']) || empty($_POST['password'])){
$errors[] = "You must provide email and password.";
}
$query_execute = $db->query("SELECT * FROM login WHERE username = '$username'");
$result = mysqli_fetch_assoc($query_execute);
$pass = $result['password'];
$count = mysqli_num_rows($query_execute);
if($count<1)
{
$errors[] = "The email does'nt exist in our database.";
}
if(!password_verify($password,$result['password'])){
$errors[] = "The Password Does Not Match Our Records. Please
Try Again.";
}
if(strlen($password) < 6){
$errors[] = "Password must be atleast of 6 characters.";
}
if(!empty($errors)){
echo display_errors($errors);
}
else{
$_SESSION['user_id'] = $result['user_id'];
$_SESSION['username'] = $result['username'];
$sub_query = "INSERT INTO login_details (user_id) VALUES
('".$result['user_id']."')";
$db->query($sub_query);
$_SESSION['login_details_id'] = mysqli_insert_id($db);
header('Location: index.php');
}
}
?>
如果用户输入正确的密码,则不会显示预期的错误消息。