任何人都可以请指导我在哪里做错了。密码散列工作正常,并存储在我的数据库中,但当我尝试使用真实密码(如123)登录时,它不会将我登录。谢谢!password_hash()不起作用
<?php
// registration script
if (isset($_POST['submit'])) {
$user_name = $_POST['username'];
$user_email = $_POST['email'];
$user_pass = $_POST['password'];
$query = "SELECT * FROM users where Email = '" . $_POST["email"] . "'";
$result = $obj->run_query($query);
if ($count = mysqli_num_rows($result) == 0) {
$query = "INSERT INTO users (Name, Email, Pass) VALUES('" . $user_name . "', '" . $user_email . "', '" . password_hash($user_pass, PASSWORD_DEFAULT) . "')";
$result = $obj->run_query($query);
echo "<script>alert('You have successfully Registered!')</script>";
echo "<script>window.open('welcome.php','_self')</script>";
} else {
echo "<script>alert('This user email $user_email is already exist!')</script>";
}
}
// login script
if (isset($_POST['login'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$password = password_hash($_POST['pass'], PASSWORD_DEFAULT);
$query = "SELECT * FROM users WHERE Email = '$email' AND Pass = '$password'";
$result = $obj->run_query($query);
if ($count = mysqli_num_rows($result) > 0) {
$_SESSION['email'] = $email;
$_SESSION['name'] = $name;
echo "<script>window.open('welcome.php','_self')</script>";
} else
{
echo "<script>alert('Your email or password is incorrect!')</script>";
}
}
?>
没有password_hash的'提()'在你的代码的任何地方,并说somethng是“给出错误“而不告诉我们错误是无用的。还阅读了SQL注入攻击和预防它。 – PeeHaa
[password_verify()](http://www.php.net/manual/en/function.password-verify.php)函数用于将用户输入的明文密码与存储的散列密码进行比较,在PHP文档中描述.....你不用哈希用户eneterd密码并比较哈希值,它根本无法作为password_hash()在每次调用时唯一地去除值 –
因此,您的登录检查代码应该被检索来自'users'表的记录仅使用电子邮件地址,然后使用password_verify将用户输入的密码与该SQL查询检索的密码哈希进行比较 –