检查用户名是否存在，并检查密码是否匹配

Question

嗨有我在学习如何使用预处理语句。我已经想出了如何检查密码和电子邮件地址匹配，但是我希望在参数检查中也有一个标准，即电子邮件地址在系统中，并检查密码是否不匹配。

如何添加'IF/ELSE'参数来检查电子邮件地址，然后检查密码是否匹配（它目前是这样做的）。

任何帮助，将不胜感激：

$emailAddress = $_POST['emailAddress']; 
$password = $_POST['password']; 

if ($stmt = $conn->prepare("SELECT `password` FROM `users` WHERE emailAddress=?")) { 

    $stmt->bind_param("s", $emailAddress); 
    $stmt->execute(); 

    $stmt->bind_result($result); 
    $stmt->fetch(); 
    $stmt->close(); 
} 


if(password_verify($password, $result)){ 
    // Login if the email and password matches 
    session_start(); 
    $_SESSION['loggedin'] = true; 
    $_SESSION['emailAddress'] = $emailAddress; 
    header('Location: ../index.php'); 
} 
else{ 

    header('Location: ../login.php?error=1'); 
} 

$conn->close(); 

Answer 1

修改你的代码为：

$emailAddress = $_POST['emailAddress']; 
$password = $_POST['password']; 

if ($stmt = $conn->prepare("SELECT `password` FROM `users` WHERE emailAddress=?")) { 

    $stmt->bind_param("s", $emailAddress); 
    $stmt->execute(); 

    $stmt->bind_result($result); 
    $stmt->fetch(); 

    /** 
    * Another option can be 
    * if ($stmt->fetch()) { 
    */ 

    if (!empty($result)) { 
     // something is found 
     if (password_verify($password, $result)){ 
      // Login if the email and password matches 
      session_start(); 
      $_SESSION['loggedin'] = true; 
      $_SESSION['emailAddress'] = $emailAddress; 
      header('Location: ../index.php'); // or whatever 
      exit; 
     } else { 
      // No password match 
      header('Location: ../login.php?error=1'); // or whatever 
      exit; 
     } 
    } else { 
     // No email found 
     header('Location: ../login.php?error=2'); // or whatever 
     exit; 
    } 
    $stmt->close(); 
}