无法在PHP PDO中使用正确的密码登录

时间:2019-03-26 20:46:27

标签: php pdo login passwords

我正在用php PDO构建一个简单的注册/登录应用程序,当我注册并尝试使用正确的密码登录时,密码错误不断出现。这有什么问题吗?

if ($stmt->execute()) {      
    if ($stmt->rowCount() === 1) {
        if ($row = $stmt->fetch()) {
            $hashed_password = $row['password'];
            if (password_verify($password, $hashed_password)) {

                session_start();
                $_SESSION['email'] = $email;
                $_SESSION['username'] = $row['username'];
                header('location: index.php');
            } else {
                $password_err = 'The password you entered is not valid';
            }
        }
    } else {
        $email_err = 'No account found for that email';
    }

} else {
    die('Something went wrong');
}
}

这是register.php文件的一部分:

  $password = password_hash($password, PASSWORD_DEFAULT);


  $sql = 'INSERT INTO users (username, email, password) VALUES (:username, :email, :password)';

  if($stmt = $pdo->prepare($sql)){

    $stmt->bindParam(':username', $username, PDO::PARAM_STR);
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->bindParam(':password', $password, PDO::PARAM_STR);


    if($stmt->execute()){

      header('location: login');
    } else {
      die('Error');
    }
  }

1 个答案:

答案 0 :(得分:0)

如果我是我,我会为这样的用户创建一个类

class User{
public static function Login($data){
    $_SESSION['user_id']=$data['user_id'];
    $_SESSION['username']=$data['username'];

}

之后,我将为我的所有项目创建帖子并获取功能

function post($name)
{
    if (isset($_POST[$name])){
        if (is_array($_POST[$name]))
            return array_map(function($item){
                return htmlspecialchars(trim($item));
            }, $_POST[$name]);
        return htmlspecialchars(trim($_POST[$name]));
    }
}

function get($name)
{
    if (isset($_GET[$name])){
        if (is_array($_GET[$name]))
            return array_map(function($item){
                return htmlspecialchars(trim($item));
            }, $_GET[$name]);
        return htmlspecialchars(trim($_GET[$name]));
    }
}

然后我将创建一个函数来控制我的表单

   function form_control(...$except_these){
    unset($_POST['submit']);
    $data = [];
    $error = false;

foreach ($_POST as $key => $value){
    if (!in_array($key, $except_these)&& !post($key)){
        $error = true;
    }else {
        $data[$key] = post($key);
    }

}
    if ($error){
        return false;
    }
    return $data;
}

现在登录

if (post('submit')){
    if ($data = form_control()){

        $row = $db->query("SELECT * FROM users WHERE username = $data['username']")->fetch(PDO::FETCH_ASSOC);

        if (!$row){
            $error = 'no such user.';
        } else {

            $password_verify = password_verify($data['password'], $row['password']);
            if ($password_verify){

                    User::Login($row);

                    header('Location:');

            } else {
                $error = 'incorrect pass';
            }

        }

    } else {
        $error = 'enter your details.';
    }
}
相关问题
最新问题