我正在更改注册并登录到不同的加密(Phpass),因为每个人都说md5不再安全了。我管理自己把注册功能工作,但不能弄清楚为什么登录不工作。这段代码没有错误,但是没有从if($stm->rowCount()>0){}
请忽略注释代码,这是我的旧登录版本。欢迎任何其他建议!
include("include/connection.php");
require_once('include/PasswordHash.php');
function login($db){
if (isset($_GET["type"])){
if($_GET["type"]=="log" && isset($_POST['email']) && isset($_POST['password'])){
session_start();
$email = $_POST['email'];
$password = $_POST['password'];
$hasher = new PasswordHash(8, false);
if($email=='' || $password==''){
echo "<font style='background-color: #F9C5CA'>Error: Please fill the required fields.</font>";
}else{
//$password = md5($password);
$pass = $hasher->HashPassword($_POST['password']);
$sql = "SELECT email,password,id FROM user WHERE email=? AND password=?";
$stm = $db->prepare($sql);
$stm->execute(array($email,$pass));
$row = $stm->fetch(PDO::FETCH_ASSOC);
/*if($stm->rowCount()>0){
$_SESSION['id']=$row['id'];
header('Location: cpanel/#welcome');
}else{
echo "<font style='background-color: #F9C5CA'>Error: Your email and/or password are incorrect. Please try again.</font>";
}*/
if($stm->rowCount()>0){
if ($hasher->CheckPassword($pass,$row['password'])) {
$_SESSION['id']=$row['id'];
header('Location: cpanel/#welcome');
exit();
}else{
echo "<font style='background-color: #F9C5CA'>Error: Your email and/or password are incorrect. Please try again.</font>";
}
}
}
}
}
}
您可以更改条件,因为有几种方法可以替换rowCount():
如果用户存在,则$row = $stm->fetch(PDO::FETCH_ASSOC);返回一个包含数据的数组,如果没有用户,则返回一个空数组:
// Count array and check if is greater than 0
if ( count($row) > 0 )
// Check if array is not empty
if ( !empty($row) )
// Simple check. An empty array would return false
if ( $row )
确保散列密码为60个字符,超过60个字符将返回false。我有同样的问题,并注意到我的第一个散列密码是61个字符。