2017-04-01 81 views
0

So I want to create a simple login structure and I don't know why it isn't working. I understand there are many examples here, please don't mark this as a duplicate, I really need some help; I've tried, but I can't see what I'm doing wrong. PHP login page with hashed password problem

<?php 

session_start(); 
include 'databaseconnection.php'; 

$email = strip_tags($_POST['email']); 
$pwd = strip_tags($_POST['pwd']); 

$sql = "SELECT * FROM user WHERE email='$email'"; 
$result = mysqli_query($conn, $sql); 
$row = mysqli_fetch_assoc($result); 
$hash_pwd = $row['pwd']; 
$hash = password_verify($pwd, $hash_pwd); 

if ($hash == 0) { 
    header("Location: error.php") 
    exit(); 
} else { 

$sql = "SELECT * FROM user WHERE email='$uid' AND pwd ='$hash_pwd'"; 
$result = mysqli_query($conn, $sql); 

if (!row = mysqli_fetch_assoc($result)); { 
    echo "your email address or password is incorrect!"; 
} else { 
    $_SESSION['id'] = $row['id']; 
} 

header("Location: profile.php") 

If anyone could simply suggest what changes I should make, I would be very grateful.

+1

You can't "un-hash" a password. The whole point of hashing a password is that it is a one-way operation. – Chris

+0

Maybe I used the wrong phrase, but doesn't password_verify hash the entered password and check whether it matches the hash stored in the database? –

+0

What does "doesn't work" mean? – Chris

Answers

0

First, check the request method; second, filter the input; third, use PDO.

<?php 
    session_start(); 
    include 'databaseconnection.php'; // must define $conn as a PDO instance for the prepare() call below 
    if ($_SERVER['REQUEST_METHOD'] == 'POST'){ 
    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL); //filter input: false if the address is malformed, null if absent 
    $pwd = filter_input(INPUT_POST, 'pwd', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); //filter input 
    $hashed = sha1($pwd); // this answer compares sha1 digests, so the `password` column must hold sha1 digests too 

    $sql = $conn->prepare("SELECT * FROM user WHERE email = ? AND password = ?"); //use pdo here: placeholders instead of string interpolation 
    $sql->execute(array($email, $hashed)); // bind the digest, not the raw password, so the SQL comparison matches the column 
    $row = $sql->fetch(); 

    // fetch() returns false when no row matches; check that before indexing into $row 
    if(!$row || $row['email'] !== $email || $row['password'] !== $hashed){ 

     header("Location: error.php"); 
     exit(); 
    } else { 

     $_SESSION['id'] = $row['id']; 
     header("Location: profile.php"); 
     exit(); 
    } 
    }else { 
     echo 'error'; 
    } 
?> 
+0

Muntadher that's great! But what about PDO? I'm not familiar with it –

0

Here you go, simple code:

<?php 

session_start(); 
include 'databaseconnection.php'; 

$email = $_POST['email'] ?? ''; 
$pwd = $_POST['pwd'] ?? ''; 

// prepared statement: the e-mail is bound as a parameter, never interpolated into the SQL text 
$stmt = mysqli_prepare($conn, "SELECT id, pwd FROM user WHERE email = ?"); 
mysqli_stmt_bind_param($stmt, "s", $email); 
mysqli_stmt_execute($stmt); 
$result = mysqli_stmt_get_result($stmt); 
$row = mysqli_fetch_assoc($result); 
$hash_pwd = $row ? $row['pwd'] : ''; // password hash from database (empty string when no such user) 

// if password is valid start session and redirect to profile.php 
if ($row && password_verify($pwd, $hash_pwd)) 
{ 
    $_SESSION['id'] = $row['id']; 
    header('Location: profile.php'); 
    exit(); 
} 
else 
{ 
    header("Location: error.php"); 
    exit(); 
} 

?> 
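As an added example (not code from the question or from either answer), here is one login handler that combines the first answer's suggestion of a PDO prepared statement with the second answer's password_verify() flow. It assumes that databaseconnection.php provides a PDO object in $conn, that the `user` table has columns id, email and pwd, and that pwd holds password_hash() output, which is what the asker's password_verify() call implies; register_user() is a hypothetical helper included only to show how that column has to be filled.

```php
<?php
// Added example, not code from the question or either answer: one login handler
// that combines the first answer's PDO prepared statement with the second
// answer's password_verify() check.
// Assumptions: databaseconnection.php defines $conn as a PDO instance; the
// table `user` has columns id, email, pwd; and `pwd` stores password_hash()
// output, which is what the asker's password_verify() call implies.
session_start();
include 'databaseconnection.php';

// Hypothetical signup helper: this is how `pwd` must be populated for
// password_verify() below to succeed. sha1()/md5() digests will not match.
function register_user(PDO $conn, string $email, string $pwd): void
{
    $stmt = $conn->prepare('INSERT INTO user (email, pwd) VALUES (?, ?)');
    $stmt->execute([$email, password_hash($pwd, PASSWORD_DEFAULT)]);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST required');
}

// Validate the e-mail; the password is passed through untouched, because
// strip_tags()/sanitizing would silently alter what the user typed and
// password_hash() accepts any bytes anyway. Reject non-string (array) input.
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$pwd   = $_POST['pwd'] ?? '';

if (!is_string($email) || !is_string($pwd) || $pwd === '') {
    header('Location: error.php');
    exit();
}

// One query with a bound parameter: user input never becomes part of the SQL
// text, so the email='$email' interpolation in the question cannot be abused.
$stmt = $conn->prepare('SELECT id, pwd FROM user WHERE email = ?');
$stmt->execute([$email]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// When the account does not exist, verify against a throwaway hash anyway so
// the request takes about as long as a real check; otherwise the response time
// reveals which e-mail addresses are registered. (Hashing per request is only
// for a self-contained example; precompute the dummy hash once in production.)
$dummyHash  = password_hash('not-a-real-password', PASSWORD_DEFAULT);
$storedHash = $row ? $row['pwd'] : $dummyHash;

// password_verify() always runs first so both branches cost the same.
if (!password_verify($pwd, $storedHash) || $row === false) {
    header('Location: error.php');
    exit();
}

// Successful login: issue a fresh session id so an id fixed before login is useless.
session_regenerate_id(true);
$_SESSION['id'] = $row['id'];

// If the stored hash was made with a cheaper cost than PASSWORD_DEFAULT now
// uses, upgrade it while the plaintext is available.
if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
    $upd = $conn->prepare('UPDATE user SET pwd = ? WHERE id = ?');
    $upd->execute([password_hash($pwd, PASSWORD_DEFAULT), $row['id']]);
}

header('Location: profile.php');
exit();
```

Compared with the two answers, the additions are the single parameterised query (no second query against the hash, as in the question), the guard for a missing row before indexing into it, the dummy-hash comparison so a missing account costs the same as a wrong password, and session_regenerate_id() after a successful check.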
0

You didn't close the "} else {" ... part.