我正在尝试为我的网站创建一个API,为此我已经为此创建了一个函数。但是该功能无法使用POST功能在POSTMAN中验证我的密码。我一生无法理解自己哪里出了问题。
使用php哈希函数放置数据库中的密码:
$password =password_hash($pass, PASSWORD_DEFAULT);
。
public function userLogin($username, $password){
$stmt = $this->con->prepare("SELECT password FROM farms WHERE farmname = ? ");
$stmt->bind_param("s", $username);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$hash = $row['password'];
if (password_verify($hash, $password)) {
return $stmt->num_rows > 0;
}
}
Login.php文件
require_once '../includes/DbOperations.php';
$response = array();
if($_SERVER['REQUEST_METHOD']=='POST'){
if(isset($_POST['username']) and isset($_POST['password'])){
$db = new DbOperations();
if($db->userLogin($_POST['username'], ($_POST['password']))){
$user = $db->getUserByUsername($_POST['username']);
$response['error'] = false;
$response['username'] = $user['farmname'];
}else{
$response['error'] = true;
$response['message'] = "Invalid username or password";
}
}else{
$response['error'] = true;
$response['message'] = "Required fields are missing";
}
}
echo json_encode($response);
我没有得到用户名,而是不断收到错误消息:
{“错误”:true,“消息”:“无效的用户名或密码”}
答案 0 :(得分:4)
交换参数:
if (password_verify($password,$hash)) {
答案 1 :(得分:2)
我认为userLogin
函数应该返回一个值(true / false),而不管密码是否匹配,以便if / else逻辑起作用。由于password_verify
的返回值为true或false,因此可以简单地返回。
public function userLogin($username, $password){
$sql='select `password` from `farms` where `farmname` = ?'
$stmt=$this->con->prepare( $sql );
if( !$stmt )return false;
$stmt->bind_param( 's', $username );
$res=$stmt->execute();
if( !$res )return false;
$stmt->store_result();
$stmt->bind_result( $pwd );
$stmt->fetch();
$stmt->free_result();
$stmt->close();
return password_verify( $password, $pwd );
}
-
曾经在车库里忙碌,但根据我数据库中的数据迅速整理了上述功能的一些演示。
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = 'xxx';
$dbname = 'experiments';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
/*
the class from which userLogin originates was unknown so I guessed
and made an ultra basic representation of what it might be.
*/
class user{
private $con;
public function __construct( $con ){
$this->con=$con;
}
public function userLogin($username, $password){
$sql='select `password` from `farms` where `farmname` = ?';
/*
as I do not have a table `farms` I chose another
table that has a hashed password column to test against.
*/
$sql='select `hashpwd` from `users` where `username`=?';
$stmt=$this->con->prepare( $sql );
if( !$stmt )return false;
$stmt->bind_param( 's', $username );
$res=$stmt->execute();
if( !$res )return false;
$stmt->store_result();
$stmt->bind_result( $pwd );
$stmt->fetch();
$stmt->free_result();
$stmt->close();
return password_verify( $password, $pwd );
}
}//end class
/* instantiate the class with the db as an argument */
$user=new user( $db );
/* capture POST vars */
$username=filter_input( INPUT_POST,'username',FILTER_SANITIZE_STRING );
$password=filter_input( INPUT_POST,'password',FILTER_SANITIZE_STRING );
/* test if the password was OK or not... */
if( $user->userLogin($username,$password) ){
echo "OK";
} else {
echo "Bogus";
}
exit();
}
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset='utf-8' />
<title>Farm - Form - mySQLi</title>
</head>
<body>
<form method='post'>
<input type='text' name='username' />
<input type='password' name='password' />
<input type='submit' />
</form>
</body>
</html>
毫不奇怪,结果是"OK"
表示该功能按预期工作。因此,总而言之,我建议问题出在其他地方
答案 2 :(得分:0)
我认为您的函数在if之后需要else语句
例如:
if (password_verify($hash, $password)) {
return $stmt->num_rows > 0;
}
else{}