我正在尝试登录表单。但是,每次尝试登录时,总是会显示一条错误消息,提示我的密码不正确。我使用md5对数据库中的密码进行哈希处理。
我尝试将哈希和password_verify删除到我的代码中,但它会使用错误的密码自动登录用户
<?php
if (isset($_POST['login-submit'])) {
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)){
header("Location: ../systemlogintut/index1.php?error=emptyfields");
exit();
}
else {
$sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../systemlogintut/index1.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../systemlogintut/index1.php?error=wrongpwd");
exit();
}
else if ($pwdCheck == true) {
session_start();
$_SERVER['userId'] = $row['idUsers'];
$_SERVER['userUid'] = $row['uidUsers'];
header("Location: ../systemlogintut/index1.php?login=success");
exit();
}
else {
header("Location: ../systemlogintut/index1.php?error=wrongpwd");
exit();
}
}
else {
header("Location: ../systemlogintut/index1.php?error=nouser");
exit();
}
}
}
}
else {
header("Location: ../systemlogintut/index1.php");
exit();
}
答案 0 :(得分:0)
您将自动登录用户,在此行更改重定向代码
if ($row = mysqli_fetch_assoc($result))
{
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../systemlogintut/index1.php?error=wrongpwd"); // change the redirection here
exit();
}
答案 1 :(得分:0)
我只是将其更改为:
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
代替使用:
$hashedPwd = mb5($password, PASSWORD_DEFAULT);
答案 2 :(得分:0)
尝试一下 $ password = md5($ _ POST ['pwd']);