首页 文章

密码验证功能不起作用

提问于
浏览
0

我在php中创建一个登录/注册系统 . 我在密码验证方面遇到了大问题 . 我在注册时散列用户的密码,但是password_verify函数不起作用 . 在下面的代码中你可以看到我试图得到一个答案是否获得密码...我总是得到“错误”作为答案... $ email = mysqli_real_escape_string($ con,$ _ POST ['email' ]); $ password = mysqli_real_escape_string($ con,$ _ POST ['password']);

$result=mysqli_query($con,"SELECT * FROM users WHERE   
 email='$email'");
  $count=mysqli_num_rows($result);
  $pass=mysqli_fetch_assoc(result);
  if($count == 1)
     {
       if(password_verify($password,$pass['password']))
       {
       $_SESSION['email']=$email;
       if($checkBox="on")
       {
         setcookie("email",$email,time()+3600);
       }
       header("location: profile.php");
     }

     }
 else {
$error="Error with either the email or the password";
}
php

2 回答

  • 0

    Try this

    $result=mysqli_query($con, "SELECT count(*) as total FROM users WHERE
    password='$password'");
    $pass=mysqli_fetch_assoc($result);
    $rowcount=mysqli_num_rows($result)
     if ($rowcount >0)) {
         echo "Success";
     }
     else {
         echo "Error";
     }
    回复于
  • 0

    在您的查询中,您不能比较密码 . 因为多个用户可能具有相同的密码 . 而是使用电子邮件ID获取密码 .

    $result=mysqli_query($con, "SELECT * FROM users WHERE
email='$email'");

    在比较/验证密码之前,请对从请求中获取的密码进行哈希处理 .

    $password = mysqli_real_escape_string($con,$_POST['password']);
$password = md5($password); //Or other hash scheme you are using.

    所以你的代码就像:

    $password = mysqli_real_escape_string($con,$_POST['password']);
$password = md5($password);

$result=mysqli_query($con, "SELECT * FROM users WHERE
email='$email'");
$pass=mysqli_fetch_assoc($result);
if (password_verify($password, $pass['password'])) {
     echo "Success";
}else {
 echo "Error";
}

    Edited Code

    试试这个:

    if(isset($_POST['submit']))
{

 $email = mysqli_real_escape_string($con,$_POST['email']);
 $password = mysqli_real_escape_string($con,$_POST['password']);

  $result=mysqli_query($con,"SELECT * FROM users WHERE email='$email'");
  $count=mysqli_num_rows($result);

  if($count == 1)
     {
       $user = mysqli_fetch_assoc($result);
      if (password_verify($password, $user['password'])) {
         echo "Success";
      }else {
        echo "Error";
         $error="Error with either the email or the password";
        die;
      }
       $_SESSION['email']=$email;
       if($checkBox="on")
       {
         setcookie("email",$email,time()+3600);
       }
       header("location: profile.php");

     }
   else {
    $error="Error with either the email or the password";
  }
    回复于

相关问题