password_verify()和mysql出现问题,一些返回正确,有些不返回

时间:2019-04-24 18:36:08

标签: php password-hash

我对很多php缺乏经验。我有一个注册和登录页面。

从index.php页面创建的帐户运行正常,但是来自名为trucks.php页面的页面存在的verify_password();

问题

他们都使用相同的注册和登录php页面。

注册页面:


$type = $_REQUEST['type'];


// Register
$error = "";
$first = mysqli_real_escape_string($conn, $_REQUEST['first_name']);
$last = mysqli_real_escape_string($conn, $_REQUEST['last_name']);
$company_name = mysqli_real_escape_string($conn, $_REQUEST['restaurant_name']);
$email = mysqli_real_escape_string($conn, strtolower($_REQUEST['email']));
$pass = password_hash($_REQUEST['password1'],PASSWORD_DEFAULT);
$cpass = mysqli_real_escape_string($conn, $_REQUEST['password2']);
$phone = mysqli_real_escape_string($conn, $_REQUEST['phone']);
$address = mysqli_real_escape_string($conn, $_REQUEST['address']);
$city = mysqli_real_escape_string($conn, $_REQUEST['city']);
$state = mysqli_real_escape_string($conn, $_REQUEST['state']);
$zip = mysqli_real_escape_string($conn, $_REQUEST['zip']);
$website = mysqli_real_escape_string($conn, $_REQUEST['website']);

$q = "SELECT email FROM users WHERE (email='$email')";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
    {
    if($row['email'] == $email)
    {
    $error = "email";
    }
    }
    if($first == "")
    {
        $error = "first";
    }
    else if($last == "")
    {
        $error = "last";
    }
    else if($email == "")
    {
        $error = "email2";
    }
  else if($pass == "")
    {
            $error = "password";
    }
    else if(!password_verify($cpass,$pass))
    {
            $error = "confirm";
    }
  else if($phone < 0 || $phone > 9999999999)
    {
            $error = "phone";
    }

if($error == "")
{
$q = "INSERT INTO users (first_name, last_name, email, password, phone, registration_date, type)
VALUES ('$first', '$last', '$email', '$pass', '$phone',  NOW(), '0')";
$conn->query($q);
session_start();
$q = "SELECT id, type FROM users WHERE email = '$email'";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
    {
    $id = $row['id'];
  $type = $row['type'];
    }
$_SESSION['id']  = $id;


//Truck Register

if($type = 1)
{
// Link Company to User for login
$q = "INSERT INTO company (user_id, company_name, website, city, postal_code)
VALUES ('$id', '$company_name', '$website', '$city', '$zip')";
$conn->query($q);
}
  header("Location: ../index.php?regstatus=success");
exit;
}
else
{
  if($type == 1)
  {
    header("Location: ../trucks.php?error=$error");
  }
  else{
    header("Location: ../index.php?error=$error");
  }
}

登录页面:

$email = mysqli_real_escape_string($conn, $_REQUEST['email']);
$pass = $_REQUEST['pass'];
$rem = $_REQUEST['remember'];



$q = "SELECT id, password FROM users WHERE email = '$email'";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
{
$passhash = $row['password'];
$id = $row['id'];
}
$verified = password_verify($pass, $passhash);
if($verified)
{
session_start();
$passhash = "";
$pass = "";
$_REQUEST['pass'] = "";
$_SESSION['id'] = $id;
header("Location: ../index.php");
exit;

}
else{
header("Location: ../index.php?status=false");
exit;
}




?>

尝试切换编码,从2个注册页面更改为1个,等等。

0 个答案:

没有答案
相关问题
最新问题