首页
学习
活动
专区
工具
TVP
发布
社区首页 >问答首页 >获取不正确的密码

获取不正确的密码
EN

Stack Overflow用户
提问于 2018-05-31 18:27:18
回答 2查看 68关注 0票数 -1

我不知道为什么我的密码是错误的,我的注册页面是工作的,我尝试登录它显示我的url.I中的login=incorrect密码。我试图找出每一个可能的问题,但没有帮助我。

代码语言:javascript
复制
    <?php 
    session_start();

      if(isset($_POST['submit'])){

    include_once 'dbt.inc.php';

    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);

    //error handlers
    if(empty($username) || empty($password)){
        header("Location: ../main_login.php?login=empty");
        exit();
    }
    else{
        $sql = "SELECT * FROM users WHERE user_username = '$username'";
        $run = mysqli_query($conn, $sql);
        $result = mysqli_num_rows($run);

        if ($result < 1) {
            header("Location: ../main_login.php?login=error");
            exit(); 
        }
        else{
            if ($row = mysqli_fetch_assoc($run)) {
                $hashedpasswordcheck = password_verify($password, $row['user_password']);
                if ($hashedpasswordcheck == false) {
                    header("Location: ../main_login.php?login=incorrect password");
                    exit();
                }
                elseif($hashedpasswordcheck == true){
                    //log in user
                    $_SESSION['user_id'] = $row['user_id'];
                    $_SESSION['user_first'] = $row['user_first'];
                    $_SESSION['user_last'] = $row['user_last'];
                    $_SESSION['user_email'] = $row['user_email'];
                    $_SESSION['user_username'] = $row['user_username'];
                    $_SESSION['user_password'] = $row['user_password'];
                    header("Location: ../main_login.php?login=success");
                    exit();

                }
            }
        }

    }
}
           else{
          header("Location: ../main_login.php?login=error");
         exit();
}



 ?>

这是我的注册代码,它工作得很好,我没有看到任何错误,所以如果你看到任何错误,请帮助我

代码语言:javascript
复制
 <?php 
if(isset ($_POST['submit'])){
    include_once 'dbt.inc.php';

    $first = mysqli_real_escape_string($conn, $_POST['first']);
    $last = mysqli_real_escape_string($conn, $_POST['last']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);

        //Error Handlers
    if(empty($first) || empty($last) || empty($email) || empty($username) || empty($password)){

            header("Location: ../main_signup.php?signup=empty");
            exit();
    }
    else{
        //check if input characters are valid
        if(!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)){
            header("Location: ../main_signup.php?signup=invalid first and last name");
            exit();
        }
        else{
            //check if email is valid
            if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
                    header("Location: ../main_signup.php?signup=invalid_email");
                    exit();
            }
            else{
                $sql = "SELECT * FROM users WHERE user_username='$username'"; 
                $result = mysqli_query($conn, $sql);
                $resultCheck = mysqli_num_rows($result);

                if($resultCheck > 0){
                        header("Location: ../main_signup.php?signup=username already taken");
                        exit();

                }else{
                            //hashing the password
                            $hashed_password = password_hash($password, PASSWORD_DEFAULT);

                            //insert the user into database
                            $sql = "INSERT INTO users (user_first, user_last, user_email, user_username, user_password) VALUES('$first','$last','$email','$username','$hashed_password ')";
                            $run = mysqli_query($conn, $sql);
                            header("Location: ../main_signup.php?signup=success");
                            exit();
                        }
            }
        }
    }
}
else{
    header("Location: ../main_signup.php");
}
 ?>
EN

回答 2

Stack Overflow用户

发布于 2018-05-31 21:02:23

在注册代码中,hashed_password变量后面有一个空格。

代码语言:javascript
复制
'$username','$hashed_password ')";
票数 0
EN

Stack Overflow用户

发布于 2018-05-31 19:24:06

我明白了。您使用password_hash....just将每个密码散列替换为$hash = hash(sha512,$password)。您也可以添加一些盐,但我不建议这样做,因为不太可能使用相同的密码。另外,如果你想为了安全起见,对它进行双重散列。另外,谁将插入激活的值1?您需要在注册sql查询的激活列中插入1,否则将不起作用。也在转义之前的密码字符串...hash它的转义...

解决方案:-(适用于我) signup.php

代码语言:javascript
复制
    $first = mysqli_real_escape_string($conn, $_POST['first']);
    $last = mysqli_real_escape_string($conn, $_POST['last']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password1 = strip_tags($_POST['password']);
    $hashed_password = password_hash($password1, PASSWORD_DEFAULT);
    $password = mysqli_real_escape_string($conn, $hashed_password);
票数 -1
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/50622122

复制
相关文章

相似问题

领券
问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档