我正在尝试使用password_hash()
和password_verify()
制作登录系统(已经完成注册系统),但对我不起作用。我一直在整个早晨都在寻找答案,但似乎无法使它起作用,我看过CodeCourse教程,阅读博客文章,什么也没有。我一直关注的教程是这个。
<!-- login -->
<?php
if($_SERVER['REQUEST_METHOD'] == "POST") {
$errors = array();
error_reporting(E_ALL);
ini_set('display_errors', 1);
//Basic validation
if(empty($_POST['username'])){
$errors[] = "Please enter your username";
}else{
$username = $mysqli->real_escape_string($_POST['username']);
}
if(empty($_POST['password'])){
$errors[] = "Please enter your password";
}else{
$password = trim($_POST['password']);
}
if (empty($errors)) {
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $mysqli->query($sql);
if ($result->num_rows === 1) {
$row = $result->fetch_array(MYSQLI_ASSOC);
if(password_verify($password, $row['password'])) {
echo 'test';
$_SESSION['user']['user_id'] = $row['user'];
header("Location: google.com");
exit();
}else{
$errors[] = "The username or password do not match";
}
}else{
$errors[] = "The username or password do not match";
}
}
}
?>
<!-- register -->
<?php
if($_SERVER['REQUEST_METHOD'] == "POST") {
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = $_POST['password'];
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$confirm_password = mysqli_real_escape_string($conn, $password);
$ip = $_SERVER['REMOTE_ADDR'];
if(empty($username) || empty($password) || empty($confirm_password)) {
$error = "Fill in the missing fields";
} else {
$sql = "INSERT INTO users VALUES('', '$username', '$hashed_password', '$ip', 'User')";
if($conn->query($sql) === TRUE) {
$error = "Your account has been created.";
} else {
$error = "Your account has not been created, please try again later.";
}
}
}
?>
最终结果产品应该在成功和重定向中登录,我正在使用PHP 5.6并在Localhost Xampp上运行。
您永远不会得到匹配,因为您正在使用
$password =mysqli_real_escape_string($conn, $_POST['password']);
存储密码,然后不将其用于验证。相反,您使用
$password = trim($_POST['password']);
确保您不要逃脱密码或在哈希之前使用任何其他清洁机制。这样做更改密码并导致不必要的其他编码。password_hash()
函数可以生成一些非常冗长的文本(当前默认值为60个字符),因此请确保数据库中的字段足够大以容纳哈希。现在设置更大的字段将允许所需的长度。PHP团队正在为该方法添加更多算法,这意味着哈希可以并且将会增长。