为什么我不用正确的密码即可登录?如下所述,我具有在我的Class用户中登录的功能,并且添加了password_verify,有趣的是,无论输入正确或不正确的密码,无论我输入的密码如何,总能使我登录到系统。
数据库连接为PDO。 我知道这里有很多错误,但是我是一个初学者。
你能帮我吗?
public function loginUser($email, $password) {
try {
require './database.php';
switch ($_POST['type']) {
case 'Buyer':
$stmt = $conn->prepare("SELECT * FROM buyer WHERE email=:email");
break;
case 'Seller':
$stmt = $conn->prepare("SELECT * FROM seller WHERE email=:email");
break;
default:
break;
}
$stmt->execute(array(
':email' => $email
));
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
if ($stmt->rowCount() > 0) {
if (password_verify($password, $userRow['password'])) {
switch ($_POST['type']) {
case 'Buyer':
$_SESSION['type'] = $_POST['type'];
$_SESSION['user_id'] = $userRow['buyer_id'];
$_SESSION['buyer_name'] = $userRow['buyer_name'];
$_SESSION['email'] = $userRow['email'];
$_SESSION['password'] = $userRow['password'];
$_SESSION['phone'] = $userRow['phone'];
$_SESSION['description'] = $userRow['description'];
return true;
break;
case 'Seller':
$_SESSION['type'] = $_POST['type'];
$_SESSION['user_id'] = $userRow['seller_id'];
$_SESSION['buyer_name'] = $userRow['seller_name'];
$_SESSION['email'] = $userRow['email'];
$_SESSION['password'] = $userRow['password'];
$_SESSION['phone'] = $userRow['phone'];
$_SESSION['description'] = $userRow['description'];
return true;
break;
default:
break;
}
} else {
return false;
}
}
}
catch (PDOException $e) {
echo $e->getMessage();
}
}
答案 0 :(得分:1)
我解决了这个问题。问题是因为我确实在功能中需要'./database.php',而database.php具有$ password =“”,并且他将每个密码更改为空字符串。