Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/271.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 认证不';行不通_Php_Sql_Pdo - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 认证不';行不通

Php 认证不';行不通

php sql

Php 认证不';行不通,php,sql,pdo,Php,Sql,Pdo,我正在尝试用PHP和MySQL制作一个身份验证表单,但它不起作用,我想知道为什么 有人能帮我吗?我在一个前例文件中做了密码哈希,但它们没有链接。这个是独立的 谢谢大家! <?php session_start(); function connect_db($host, $port, $db, $username, $password) { $pdo = new PDO("mysql:host=$host; port=$port; dbname=$db", $username,

我正在尝试用PHP和MySQL制作一个身份验证表单,但它不起作用,我想知道为什么

有人能帮我吗?我在一个前例文件中做了密码哈希,但它们没有链接。这个是独立的

谢谢大家!

<?php

session_start();

function connect_db($host, $port, $db, $username, $password)
{
    $pdo = new PDO("mysql:host=$host; port=$port; dbname=$db", $username, $password);
    return $pdo;
}

if (isset($_POST["email"]) && isset($_POST["password"]) && !empty($_POST["email"]) && !empty($_POST["password"]))
{
    $error_pass= "";
    $email = $_POST["email"];
    $password = $_POST["password"];

    try
    {
        $pdo = connect_db("localhost", 3306, "*******", "******", "*******");
        $sql = $pdo-> prepare("SELECT * FROM users WHERE email = :email AND password = :password");
        $sql->bindParam(':email', $email);
        $sql->bindParam(':password', $password);
        $sql->execute();
        $req = $sql->fetch();
        echo $req["password"] . "SALUT \n";
        var_dump($req["password"]);
        if (password_verify($password, $req['password']) == 0) {
            session_unset();
            $error_pass = "Incorrect email/password";
        }

        else {
            $_SESSION["name"] = $req["name"];
            header("Location: index.php", true, 302);
        }
    }
    catch (PDOException $e)
    {
        echo $e->getMessage();
    }

    if ($error_pass) {
        echo $error_pass;
    }
}

else {
    echo "Some fields are missing";
}
?>
<!DOCTYPE html>
<html>
<body>
    <form method="post" action ="login.php">
        <input type="text" name="email">
        <input type="text" name="password">
        <input type="submit" name="submit" value ="submit">
    </form>
</body>

</html>
从查询中删除密码。您只需通过电子邮件找到用户,然后验证密码是否正确

$sql = $pdo-> prepare("SELECT * FROM users WHERE email = :email");
$sql->bindParam(':email', $email);
$sql->execute();
$req = $sql->fetch();

// @todo :: check did you got any users

if (password_verify($_POST["password"], $req['password'])) {
    // password is valid
}
bindParam需要与:,所以
$sql->bindParam(':email',$email)是的,很抱歉这是一个错误,但它不能解决我的问题安全提示:你应该尽量避免在互联网上发布用户名和密码。另外,如果你计划在生产中使用密码,那么就要加强密码的强度。“不起作用”很好,这不是很好。数据库中的密码是散列的,因此未散列的版本永远不会等于散列的版本,因此
$sql->fetch()将返回0行。