我不知道为什么我的密码是错误的,我的注册页面是工作的,我尝试登录它显示我的url.I中的login=incorrect密码。我试图找出每一个可能的问题,但没有帮助我。
<?php
session_start();
if(isset($_POST['submit'])){
include_once 'dbt.inc.php';
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
//error handlers
if(empty($username) || empty($password)){
header("Location: ../main_login.php?login=empty");
exit();
}
else{
$sql = "SELECT * FROM users WHERE user_username = '$username'";
$run = mysqli_query($conn, $sql);
$result = mysqli_num_rows($run);
if ($result < 1) {
header("Location: ../main_login.php?login=error");
exit();
}
else{
if ($row = mysqli_fetch_assoc($run)) {
$hashedpasswordcheck = password_verify($password, $row['user_password']);
if ($hashedpasswordcheck == false) {
header("Location: ../main_login.php?login=incorrect password");
exit();
}
elseif($hashedpasswordcheck == true){
//log in user
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_first'] = $row['user_first'];
$_SESSION['user_last'] = $row['user_last'];
$_SESSION['user_email'] = $row['user_email'];
$_SESSION['user_username'] = $row['user_username'];
$_SESSION['user_password'] = $row['user_password'];
header("Location: ../main_login.php?login=success");
exit();
}
}
}
}
}
else{
header("Location: ../main_login.php?login=error");
exit();
}
?>
这是我的注册代码,它工作得很好,我没有看到任何错误,所以如果你看到任何错误,请帮助我
<?php
if(isset ($_POST['submit'])){
include_once 'dbt.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
//Error Handlers
if(empty($first) || empty($last) || empty($email) || empty($username) || empty($password)){
header("Location: ../main_signup.php?signup=empty");
exit();
}
else{
//check if input characters are valid
if(!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)){
header("Location: ../main_signup.php?signup=invalid first and last name");
exit();
}
else{
//check if email is valid
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../main_signup.php?signup=invalid_email");
exit();
}
else{
$sql = "SELECT * FROM users WHERE user_username='$username'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0){
header("Location: ../main_signup.php?signup=username already taken");
exit();
}else{
//hashing the password
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
//insert the user into database
$sql = "INSERT INTO users (user_first, user_last, user_email, user_username, user_password) VALUES('$first','$last','$email','$username','$hashed_password ')";
$run = mysqli_query($conn, $sql);
header("Location: ../main_signup.php?signup=success");
exit();
}
}
}
}
}
else{
header("Location: ../main_signup.php");
}
?>
发布于 2018-05-31 21:02:23
在注册代码中,hashed_password变量后面有一个空格。
'$username','$hashed_password ')";
发布于 2018-05-31 19:24:06
我明白了。您使用password_hash....just将每个密码散列替换为$hash = hash(sha512,$password)。您也可以添加一些盐,但我不建议这样做,因为不太可能使用相同的密码。另外,如果你想为了安全起见,对它进行双重散列。另外,谁将插入激活的值1?您需要在注册sql查询的激活列中插入1,否则将不起作用。也在转义之前的密码字符串...hash它的转义...
解决方案:-(适用于我) signup.php
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password1 = strip_tags($_POST['password']);
$hashed_password = password_hash($password1, PASSWORD_DEFAULT);
$password = mysqli_real_escape_string($conn, $hashed_password);
https://stackoverflow.com/questions/50622122
复制相似问题