Php MySqli登录系统-验证哈希密码时遇到问题
几天来我一直在努力解决这个问题。出于某种原因,每当我尝试登录时,密码验证都会失败。我原以为这可能是数据库的问题,但我已经把数据库中的哈希密码显示出来检查过了。希望我能解决这个问题。(我知道其中一些代码可以简化,但我喜欢把所有步骤都写出来,这样更直观。)
标签:php, mysqli
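<?php
// login.php - renders the login form and checks a submitted e-mail/password
// pair against the password hash stored in the users table.
//
// The POST handling runs before any HTML is sent: header('Location: ...')
// only works while no output has been written, and in the earlier order the
// form had already been printed when the redirect was attempted.
session_start();
$output = NULL;

/**
 * Escape a value for use inside a quoted SQL string literal.
 *
 * The earlier version changed only its local copy of $val and returned
 * nothing, so a call such as sanitize($conn, $email) left $email untouched
 * and the query was built from raw input. The result is now returned and has
 * to be assigned by the caller. The login query below binds its parameter
 * instead and does not use this helper.
 * Do not apply it to passwords: stripslashes() and escaping change the bytes
 * that password_verify() compares.
 *
 * @param mysqli $conn Open connection.
 * @param string $val  Raw value.
 * @return string Value with backslashes stripped, then escaped.
 */
function sanitize($conn, $val){
    $val = stripslashes($val);
    return mysqli_real_escape_string($conn, $val);
}

//Check Form
if(isset($_POST['submit'])){
    //Connect to DB (the included script is expected to define $conn)
    include "core/database/dbConnect.php";

    //Takes information out of fields; a missing or array-valued field counts as empty
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    //Check if form is filled out
    if(empty($email) || empty($password)){
        $output = "Please enter all fields!";
    }else{
        // The e-mail is bound as a parameter, so it never becomes part of the
        // SQL text; the password is never sent to the database at all.
        $found = false;
        $id = null;
        $username = null;
        $hash = null;
        $stmt = mysqli_prepare($conn, "SELECT id, username, password FROM users WHERE email = ?");
        if($stmt !== false){
            mysqli_stmt_bind_param($stmt, 's', $email);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $id, $username, $hash);
            // fetch returns true for a row, null when there is none, false on error
            $found = (mysqli_stmt_fetch($stmt) === true);
            mysqli_stmt_close($stmt);
        }

        // Only verify when a row with a hash came back; the earlier code
        // indexed a null row when the e-mail was unknown. A failed lookup is
        // reported the same way as a wrong password.
        $passwordsMatch = $found && is_string($hash) && password_verify($password, $hash);

        if(!$passwordsMatch){
            $output = "Invalid email/password";
        }else{
            // New session id on privilege change, so an id known before the
            // login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);
            //User logged in sucessfully, inserting session data
            $_SESSION['loggedin'] = TRUE;
            $_SESSION['email'] = $email;
            $_SESSION['id'] = $id;
            $_SESSION['username'] = $username;
            header('Location: index.php');
            exit();
        }
    }
}

//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
    echo "You are already loged in!";
}
// $output only ever holds one of the fixed messages above; it is escaped
// anyway so the echo stays safe if a message later includes user data.
echo htmlspecialchars((string) $output, ENT_QUOTES, 'UTF-8');
?>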
login.php
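<?php
// login.php - renders the login form and checks a submitted e-mail/password
// pair against the password hash stored in the users table.
//
// The POST handling runs before any HTML is sent: header('Location: ...')
// only works while no output has been written, and in the earlier order the
// form had already been printed when the redirect was attempted.
session_start();
$output = NULL;

/**
 * Escape a value for use inside a quoted SQL string literal.
 *
 * The earlier version changed only its local copy of $val and returned
 * nothing, so a call such as sanitize($conn, $email) left $email untouched
 * and the query was built from raw input. The result is now returned and has
 * to be assigned by the caller. The login query below binds its parameter
 * instead and does not use this helper.
 * Do not apply it to passwords: stripslashes() and escaping change the bytes
 * that password_verify() compares.
 *
 * @param mysqli $conn Open connection.
 * @param string $val  Raw value.
 * @return string Value with backslashes stripped, then escaped.
 */
function sanitize($conn, $val){
    $val = stripslashes($val);
    return mysqli_real_escape_string($conn, $val);
}

//Check Form
if(isset($_POST['submit'])){
    //Connect to DB (the included script is expected to define $conn)
    include "core/database/dbConnect.php";

    //Takes information out of fields; a missing or array-valued field counts as empty
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    //Check if form is filled out
    if(empty($email) || empty($password)){
        $output = "Please enter all fields!";
    }else{
        // The e-mail is bound as a parameter, so it never becomes part of the
        // SQL text; the password is never sent to the database at all.
        $found = false;
        $id = null;
        $username = null;
        $hash = null;
        $stmt = mysqli_prepare($conn, "SELECT id, username, password FROM users WHERE email = ?");
        if($stmt !== false){
            mysqli_stmt_bind_param($stmt, 's', $email);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $id, $username, $hash);
            // fetch returns true for a row, null when there is none, false on error
            $found = (mysqli_stmt_fetch($stmt) === true);
            mysqli_stmt_close($stmt);
        }

        // Only verify when a row with a hash came back; the earlier code
        // indexed a null row when the e-mail was unknown. A failed lookup is
        // reported the same way as a wrong password.
        $passwordsMatch = $found && is_string($hash) && password_verify($password, $hash);

        if(!$passwordsMatch){
            $output = "Invalid email/password";
        }else{
            // New session id on privilege change, so an id known before the
            // login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);
            //User logged in sucessfully, inserting session data
            $_SESSION['loggedin'] = TRUE;
            $_SESSION['email'] = $email;
            $_SESSION['id'] = $id;
            $_SESSION['username'] = $username;
            header('Location: index.php');
            exit();
        }
    }
}

//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
    echo "You are already loged in!";
}
// $output only ever holds one of the fixed messages above; it is escaped
// anyway so the echo stays safe if a message later includes user data.
echo htmlspecialchars((string) $output, ENT_QUOTES, 'UTF-8');
?>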
session_start();
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
$output=NULL;
函数清理($conn,$val){
$val=斜杠($val);
$val=mysqli\u real\u escape\u字符串($conn,$val);
}
//检查用户是否已登录
如果(!isset($\u会话['loggedin'])){
?>
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
电子邮件:
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
密码:
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
register.php
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
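<?php
// register.php - validates the registration form and creates a row in the
// users table with a bcrypt hash of the chosen password.
//
// session_start() and the form handling run before the HTML below, because
// the session cookie header can only be sent while no output exists yet.
session_start();
$output = NULL;

/**
 * Escape a value for use inside a quoted SQL string literal.
 *
 * The earlier version changed only its local copy of $val and returned
 * nothing, so the queries were built from raw input. The result is now
 * returned and has to be assigned by the caller. The statements below bind
 * their parameters instead and do not use this helper.
 * Do not apply it to passwords: it would change the bytes that get hashed.
 *
 * @param mysqli $conn Open connection.
 * @param string $val  Raw value.
 * @return string Value with backslashes stripped, then escaped.
 */
function sanitize($conn, $val){
    $val = stripslashes($val);
    return mysqli_real_escape_string($conn, $val);
}

//Runs all code if Register is clicked
if(isset($_POST['submit'])){
    //Connect to DB (the included script is expected to define $conn and $error)
    include "core/database/dbConnect.php";

    //Takes information out of fields; a missing or array-valued field counts as empty.
    //Reading $_POST only after the submit check avoids undefined-index notices on a plain GET.
    $field = function($name){
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };
    $username = $field('username');
    $password = $field('password');
    $rpassword = $field('rpassword');
    $email = $field('email');

    // Runs a one-parameter lookup as a prepared statement and reports whether
    // it matched any row; the value is bound, never placed in the SQL text.
    $lookupFailed = false;
    $rowExists = function($sql, $value) use ($conn, &$lookupFailed){
        $stmt = $conn->prepare($sql);
        if($stmt === false){
            $lookupFailed = true;
            return false;
        }
        $stmt->bind_param('s', $value);
        $stmt->execute();
        $stmt->store_result();
        $exists = ($stmt->num_rows != 0);
        $stmt->close();
        return $exists;
    };
    //Query's the username for duplicates
    $usernameTaken = $rowExists("SELECT id FROM users WHERE username = ?", $username);
    //Query's the email for duplicates
    $emailTaken = $rowExists("SELECT id FROM users WHERE email = ?", $email);

    if($lookupFailed){
        $output = $error;
    //Checks if all fields are filled
    }elseif(empty($username) OR empty($password) OR empty($rpassword) OR empty($email)){
        $output = "Please fill in all fields!";
    //Checks if username is already taken
    }elseif($usernameTaken){
        $output = "That username is already taken!";
    //Checks if password and rpassword matches (strict: with != two different
    //numeric-looking strings can compare as equal)
    }elseif($rpassword !== $password){
        $output = "Your passwords don't match!";
    //Checks if username has at least 4 characters
    }elseif(strlen($username) < 4){
        $output = "Your username must be at least 4 characters!";
    //Checks if password has at least 7 characters
    }elseif(strlen($password) < 7){
        $output = "Your password must be at least 7 characters!";
    //Checks if email is already in use
    }elseif($emailTaken){
        $output = "The email is already in use! Do you already have an account?";
    //Checks if email is a valid email
    }elseif(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE){
        $output = "The email you have entered is not valid!";
    }else{
        //Hashing password
        // The earlier code passed '$password' in single quotes, which PHP does
        // not interpolate: every account stored a hash of that fixed text
        // rather than of the user's password, so password_verify() at login
        // could never match what the user typed. Hashes written by that code
        // have to be reset. bcrypt uses only the first 72 bytes of the input.
        $hash = password_hash($password, PASSWORD_BCRYPT, array(
            'cost' => 10
        ));

        //Insert data in DB users
        $created = false;
        if(is_string($hash)){
            $insert = $conn->prepare("INSERT INTO users(username,password,email) VALUES(?,?,?)");
            if($insert !== false){
                $insert->bind_param('sss', $username, $hash, $email);
                $created = $insert->execute();
                $insert->close();
            }
        }
        if($created){
            $output = "You account was created! Please login!";
        }else{
            $output = $error;
        }
    }
}
?>
<div class="pageContent">
<form method="POST">
Username:
<input type="TEXT" name="username"><br>
Password:
<input type="PASSWORD" name="password"><br>
Repeat Password:
<input type="PASSWORD" name="rpassword"><br>
Email Address:
<input type="TEXT" name="email"><br>
<input type="SUBMIT" name="submit" value="Register"><br>
</form>
<?php
// $output holds one of the fixed messages above (or $error); it is escaped so
// the echo stays safe if a message later includes user data.
echo htmlspecialchars((string) $output, ENT_QUOTES, 'UTF-8');
?>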
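<?php
// Database connection script; presumably the core/database/dbConnect.php that
// the login and register pages include. Defines $error (generic failure
// message) and $conn (mysqli connection to the phplogin database).
$error = "Sorry, Somthing went wrong!";

// NOTE(review): this connects as root with an empty password. Use a dedicated
// account limited to the phplogin database, and keep its credentials in
// configuration outside the web root.
// NOTE(review): the connection character set is left at the server default -
// confirm it matches the tables, since escaping depends on it.
//
// "new mysqli(...) or die(...)" never reached die(): the assignment binds
// tighter than "or", and "new" always yields an object. A failed connection
// shows up either as an exception (default error mode from PHP 8.1) or in
// $conn->connect_error, so both are checked and only the generic message is
// shown to the visitor.
try {
    $conn = new mysqli('localhost', 'root', '', 'phplogin');
} catch (Exception $e) {
    die($error);
}
if ($conn->connect_error) {
    die($error);
}
?>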
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
用户名:
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
密码:
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
重复密码:
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
电邮地址:
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>
您不需要转义或清理密码,因为它不会用在 SQL 查询中,而且这样做可能会破坏密码。
我看不出您在登录时实际在哪里对密码进行了哈希运算;您是否已检查过,确保不是在拿明文密码与哈希密码作比较?
您的代码在我这边工作正常。也许您只是输错了密码?请尝试去掉验证哈希的函数,看看能否登录。
@j.Doe 如果我去掉哈希函数并把 $passwordsMatch 直接设为 true,我就能带着所有正确的会话数据登录。感谢您的回复!
请尝试在 password_verify() 中硬编码您的密码,而不是使用 $password。
@j.Doe 对密码进行硬编码后,返回 false。
那么,可能只是您哈希了一个错误的密码。请尝试用新密码创建一个新帐户,然后再次尝试登录。
我不认为我需要对登录密码进行哈希运算。
如果密码在数据库中是经过哈希的,那么您就需要对密码进行哈希。我一直遵循的一句话是“有疑问时,回显所有内容”:在检查密码是否匹配之前,先回显用户登录时发送的密码和数据库中的密码,看看它们是否确实匹配。
当我对密码进行哈希运算时,每次都会生成一个新的 salt,因此哈希结果永远不会相同。我使用的是 password_verify():php.net/manual/en/function.password-verify.php
@Hercules_88 在您的注册页面上,为什么不使用 $password = md5(SHA1("a87asd98gasd".$password."ASd0asdbasd")) 创建您自己的哈希方法,然后在登录时用 if(md5(SHA1("a87asd98gasd".$password."ASd0asdbasd")) == $row["password"]) 来判断?这样做会更容易。不过正如 j.Doe 之前所说,代码在他那边能正常工作,所以除非我们能在您那边改动它,否则很难修复,因为它在我们这边是正常的。
session_start();
$output = NULL;
function sanitize($conn, $val){
$val = stripslashes($val);
$val = mysqli_real_escape_string($conn, $val);
}
//Checks if user is already logged in
if(!isset($_SESSION['loggedin'])){
?>
<form method="POST">
Email: <input type=TEXT name="email"><br>
Password: <input type=PASSWORD name="password"><br>
<input type="SUBMIT" name="submit" value="Log In"><br>
</form>
<?php
}else{
echo "You are already loged in!";
}
//Check Form
if(isset($_POST['submit'])){
//Connect to DB
include "core/database/dbConnect.php";
//Takes information out of feilds
$email = $_POST['email'];
$password = $_POST['password'];
//sanitize input
sanitize($conn, $email);
sanitize($conn, $password);
//Check if form is filled out
if(empty($email) || empty($password)){
$output = "Please enter all fields!";
}else{
$query = "SELECT * FROM users WHERE email ='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$hash = $row['password'];
$passwordsMatch = password_verify($password, $hash);
if($count == 0 or $passwordsMatch == false){
$output = "Invalid email/password";
}else{
//User logged in sucessfully, inserting session data
$_SESSION['loggedin'] = TRUE;
$_SESSION['email'] = $email;
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: index.php');
exit();
}
}
}
echo $output;
?>