我创建此代码以检查基于表单的用户登录。 但是给了我错误。不是一无所获...只需说"无效的用户名/密码组合!
$uid = mysqli_real_escape_string($con, sanitize($_POST['email']));
$pwd = mysqli_real_escape_string($con, sanitize($_POST['password']));
if (empty($uid) || empty($pwd)) {
header("Location: ../member?fail=1");
exit();
} else {
$stmt = $con->prepare("SELECT email, password FROM public_users WHERE email = ? AND password = ?");
$stmt->bind_param('ss', $uid, $pwd);
$stmt->execute();
$stmt->bind_result($uid, $pwd);
$stmt->store_result();
if($stmt->num_rows == 1) {
if($stmt->fetch()) {
$secure_hash = password_verify($pwd, $stmt['password']);
if($secure_hash == false) {
echo "Combination!";
} else {
echo "PASSWORD Combination!";
}
}
} else {
echo "INVALID USERNAME/PASSWORD Combination!";
}
}
$stmt->close();
请帮忙,这是明天在学校的短信:(
您尝试从数据库中获取电子邮件和密码,但password字段已散列。
$stmt = $con->prepare("SELECT email, password FROM public_users WHERE email = ? AND password = ?");
您应该仅通过电子邮件获取记录:
$stmt = $con->prepare("SELECT email, password, age FROM public_users WHERE email = ? ");
$stmt->bind_param('s', $uid);
$stmt->execute();
$stmt->bind_result($uid, $hashed_password, $age);
$stmt->store_result();
//.....
和下一个验证密码:
$secure_hash = password_verify($pwd, $hashed_password);