Fatal编程技术网
  • php/
  • PHP用户名和密码检查失败

PHP用户名和密码检查失败

php passwords

PHP用户名和密码检查失败,php,passwords,Php,Passwords,当我注册为新用户,然后尝试以该用户身份登录时,用户名和/或密码无法识别。我已经在另一个应用程序中成功地使用了这个登录系统,但是当我将它插入一个新的应用程序时,它开始出现这个问题。我检查了所有的东西,似乎找不到问题。任何想法都非常感谢 代码如下: <?php function find_admin_by_username($username) { global $connection; $safe_username = mysqli_real_escape_string($

当我注册为新用户,然后尝试以该用户身份登录时,用户名和/或密码无法识别。我已经在另一个应用程序中成功地使用了这个登录系统,但是当我将它插入一个新的应用程序时,它开始出现这个问题。我检查了所有的东西,似乎找不到问题。任何想法都非常感谢

代码如下:

<?php
function find_admin_by_username($username) {
    global $connection;

    $safe_username = mysqli_real_escape_string($connection, $username);

    $query  = "SELECT * ";
    $query .= "FROM users ";
    $query .= "WHERE username = '{$safe_username}' ";
    $query .= "LIMIT 1";
    $admin_set = mysqli_query($connection, $query);
    confirm_query($admin_set);
    if($admin = mysqli_fetch_assoc($admin_set)) {
        return $admin;
    } else {
        return null;
    }
}


function password_encrypt($password) {
$hash_format = "$2y$10$";   // Tells PHP to use Blowfish with a "cost" of 10
  $salt_length = 22;                    
  $salt = generate_salt($salt_length);
  $format_and_salt = $hash_format . $salt;
  $hash = crypt($password, $format_and_salt);
    return $hash;
}

function generate_salt($length) {
  // Not 100% unique, not 100% random, but good enough for a salt
  // MD5 returns 32 characters
  $unique_random_string = md5(uniqid(mt_rand(), true));

    // Valid characters for a salt are [a-zA-Z0-9./]
  $base64_string = base64_encode($unique_random_string);

    // But not '+' which is valid in base64 encoding
  $modified_base64_string = str_replace('+', '.', $base64_string);

    // Truncate string to the correct length
  $salt = substr($modified_base64_string, 0, $length);

    return $salt;
}

function password_check($password, $existing_hash) {
    // existing hash contains format and salt at start
  $hash = crypt($password, $existing_hash);
  if ($hash === $existing_hash) {
    return true;
  } else {
    return false;
  }
}

function attempt_login($username, $password) {
    $admin = find_admin_by_username($username);
    if ($admin) {
        // found admin, now check password
        if (password_check($password, $admin["password"])) {
            // password matches
            return $admin;
        } else {
            // password does not match
            return false;
        }
    } else {
        // admin not found
        return false;
    }
}

?>


<?php
if (isset($_POST['submit'])) {
  // Process the form

  // validations
  $required_fields = array("username", "password");
  validate_presences($required_fields);

  if (empty($errors)) {
    // Attempt Login

        $username = $_POST["username"];
        $password = $_POST["password"];

        $found_admin = attempt_login($username, $password);

    if ($found_admin) {
      // Success
            // Mark user as logged in
            $_SESSION["admin_id"] = $found_admin["id"];
            $_SESSION["username"] = $found_admin["username"];
      redirect_to("MyAccount.php");
    } else {
      // Failure
      $_SESSION["message"] = "Username/password not found.";
    }
  }
} else {
  // This is probably a GET request

} // end: if (isset($_POST['submit']))

?>
我假设您已经检查并确保您的用户凭据在数据库中?您真的应该能够在发布此处之前缩小一些范围是的,用户凭据在数据库中。