1. 首页
  2. 问答
  3. PHP登录系统密码不匹配

PHP登录系统密码不匹配

2017-07-25 121 views
0

我已经创建了一个登录系统,它使用户能够使用先前定义的电子邮件和密码登录,但是在测试部分中,我注意到密码表示它们不匹配尽管我知道他们是正确的,因为我在测试时写下了测试结果。我似乎明白为什么发生这种情况,我认为这可能是一些与我的密码散列的,但我不知道what.The登录页面检查是从文档的login.php:PHP登录系统密码不匹配

if(empty($errors)) 
{ 
    $sql = "SELECT accountID, password FROM users WHERE emails=?"; 
    $stmt = $pdo->prepare($sql); 
    $stmt->execute([$data['email']]); 

    if(!$row = $stmt->fetch()) 
    { 
     // email didn't match 
     $errors['login'] = "Login failed. on email"; 
    } 
    else 
    { 
     // email matched, test password 
     if(!password_verify($data['password'],$row['password'])) 
     { 
      // password didn't match 
      $errors['login'] = "Login failed. on password"; 
     } 
     else 
     { 
      // password matched 
      $_SESSION['user_id'] = $row['accountID']; 
      header('location: welcome.php'); 
      die; 
     } 
    } 
}

插入到数据库散列,从insert.php:

if (isset($_POST['name'])){ 
     $name = $_POST['name']; 
    } 
    if (isset($_POST['email'])){ 
     $email = $_POST['email']; 
    } 
    if (isset($_POST['password'])){ 
     $pword = $_POST['password']; 
    } 
    if (isset($_POST['busName'])){ 
     $busName = $_POST['busName']; 
    } 

    if (empty($name)){ 
     echo("Name is a required field"); 
     exit(); 
    } 
    if (empty($email)){ 
     echo ("email is a required field"); 
     exit(); 
    } 
    if (empty($pword)){ 
     echo("You must enter a password"); 
     exit(); 
    } 
    $pword = password_hash($pword, PASSWORD_DEFAULT)."/n"; 



//insert html form into database 
$insertquery= "INSERT INTO `cscw`.`users` (
`accountID` , 
`businessName` , 
`name` , 
`emails` , 
`password` 
) 
VALUES (
NULL , '$busName', '$name', '$email', '$pword' 
);";

和网页我从login.php中所示的“登录失败的密码。”如果您需要查看更多代码,请告诉我。

来源

2017-07-25 trezremay

+0

'$ data'从哪里来? –

+4

在你的password_hash行中放一下'。“/ n”' – Yolo

+0

@FrankM $ data = array_map('trim',$ _ POST); – trezremay

回答

0

它无法识别$ row ['password']始终与您的查询 **
1)组织准备
2)执行
3)取
4)关闭
5)然后你能够利用所获取的数据。 获取的数据需要按照returnArray函数所示进行排序。

希望有独特的电子邮件和$data数组exists.Try这。

if(empty($errors)) 
{ 

    $sql = "SELECT accountID, password FROM users WHERE emails=:emails"; 
    $stmt = $pdo->prepare($sql); 
    $stmt->bindParam(':emails', $data['email']); 
    $stmt->execute(); 
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); 
    $stmt->CloseCursor(); 
    $stmt=null; 

    /* Return the results is a more handy way */ 
    function returnArray($rows, $string) 
    { 
     foreach($rows as $row) 
     { 
      return $row[ $string ]; 
     } 
    } 

    if(empty($rows)) 
    { // email didn't match 
     $errors['login'] = "Login failed. on email"; 
    } 
    else 
    {  // email matched, test password 
     if(!password_verify($data['password'], returnArray($rows,'password'))) 
     { 
      // password didn't match 
      $errors['login'] = "Login failed. on password"; 
     } 
     else 
     { 
      // password matched 
      $_SESSION['user_id'] = $row['accountID']; 
      header('location: welcome.php'); 
      die; 
     } 
    } 
}

登录页面没有完成,查询不插入。要小心,因为你不会逃避用户操纵的变量,所以你可能会被注入SQL注入。(为了加强安全性,添加一个表单验证,它会很棒)。

您已使用$pword = password_hash($pword, PASSWORD_DEFAULT)."/n"; 我删除了“/ n”部分。我似乎你正在使用连接运算符“。”添加/ n添加password_hash的结尾。

您的$ insertquery未完成且不可读。您不需要在查询中插入反引号。并且不需要SELECT accountID它会自动增加(查看A_I for accountID是否在您的数据库中打勾)。 在你的登录页面做这样的事情。

/* trim and escape*/ 
function escapeHtmlTrimed($data) 
{ 
    $trimed = trim($data); 
    $htmlentities = htmlentities($trimed, ENT_QUOTES | ENT_HTML5, $encoding = 'UTF-8'); 
    return $htmlentities; 
} 


if (isset($_POST['name'])){ 
    $name = escapeHtmlTrimed($_POST['name']); 
} 
if (isset($_POST['email'])){ 
    $email = escapeHtmlTrimed($_POST['email']); 
} 
if (isset($_POST['password'])){ 
    $pword = escapeHtmlTrimed($_POST['password']); 
} 
if (isset($_POST['busName'])){ 
    $busName = escapeHtmlTrimed($_POST['busName']); 
} 

if (empty($name)){ 
    echo("Name is a required field"); 
    exit(); 
} 
if (empty($email)){ 
    echo ("email is a required field"); 
    exit(); 
} 
if (empty($pword)){ 
    echo("You must enter a password"); 
    exit(); 
} 
/*Remove this your adding "./n"*/ 
$pword = password_hash($pword, PASSWORD_DEFAULT); 



//insert html form into database 
$insertquery= "INSERT INTO users (businessName ,name ,emails, 
password) VALUES (:busName , :name, :email , :pword)"; 
$stmt = $pdo->prepare($insertquery); 
$stmt->bindParam(':busName', $busName); 
$stmt->bindParam(':name', $name); 
$stmt->bindParam(':email', $email); 
$stmt->bindParam(':pword', $pword); 
$stmt->execute(); 
$stmt->CloseCursor(); 
$stmt=null;

来源

2017-07-26 03:26:03

相关问题

 相关问题