使用PHP登录表单未验证密码\u验证成功,即使值正确
提前感谢您对这一点的任何建议。我是个新手,在使用使用PHP登录表单未验证密码\u验证成功,即使值正确,php,Php,提前感谢您对这一点的任何建议。我是个新手,在使用password\u verify登录表单时遇到一些问题。我的代码如下: <?php error_reporting(E_ALL); ini_set('display_errors', true); require_once('includes/config.inc.php'); $page_title = 'Login'; include('includes/header.php'); if(isset($_POST['submit
password\u verify
登录表单时遇到一些问题。我的代码如下:
<?php
error_reporting(E_ALL); ini_set('display_errors', true);
require_once('includes/config.inc.php');
$page_title = 'Login';
include('includes/header.php');
if(isset($_POST['submitted'])){
require_once(MYSQL);
if(!empty($_POST['email'])) {
$e = mysqli_real_escape_string($dbc,$_POST['email']);
} else {
$e = FALSE;
echo '<p class="error">You forgot to enter your email address</p>';
}
//Validate the password
if(!empty($_POST['pass'])) {
$p = $_POST['pass'];
} else {
echo '<p class="error">You forgot to enter your password</p>';
}
if ($e && $p) { // If everything is OK
//Query the DB to get hash for confirmation purposes
$hashquery = mysqli_query($dbc,"SELECT password from users WHERE email = '$e'");
while ($row = $hashquery->fetch_assoc()) {
$hash = $row['password'];
}
//Echo details for verification purposes
echo "The email address you entered was: " .$e."<br />"; //to verify
echo "The password you entered was: " . $p."<br />"; //to verify
echo "The password has from the db is" .$hash."<br />"; //to verify
$verify = password_verify($p,$hash);
if ($verify) {
echo "successful"; } else { echo "Unsuccessful";
}
//End verification
//run the login query
$q = "SELECT user_id, user_level, password from users WHERE email = '$e' AND active is NULL";
$r = mysqli_query($dbc,$q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
if ($r) { //A match was made
//register the values and redirect
$row = mysqli_fetch_row($r);
$user_id = $row[0];
$user_level = $row[1];
$password = $row[2];
}
$verify = password_verify($p, $password);
if ($verify) {
$_SESSION['user_id'] = $user_id;
$_SESSION['user_level'] = $user_level;
$url = BASE_URL . 'index.php'; //Define the url
ob_end_clean(); //Delete the buffer
header("Location: $url");
} else {
echo '<p class="error">We could not verify the details you entered.</p>';
}
} else { //If everything wasn't OK
echo '<p class="error">Please try again.</p>';
}
mysqli_close($dbc);
}
?>
<h1>Login</h1>
<p>Your browser must allow cookies in order to log in</p>
<form action="login.php" method="post">
<fieldset>
<p><b>Email Address</b><input type="email" size="20" maxlength="80" name="email"/></p>
<p><b>Password</b><input type="password" size="20" maxlength="80" name="pass"/></p>
<div align="center"><input type="submit" value="Login" name="submit" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</fieldset>
</form>
<?php
include('includes/footer.php');
?>
使用while循环从mysqli_fetch_row()
获取数据,如while($row=mysqli_fetch_row($r)){printf(%s(%s)\n“,$row[0],$row[1],$row[2])}
并选中第一次尝试print_r($r)
,然后查看结果。也许你错过了什么。非常感谢Nitish&Saty。事实证明,我创建的数据库没有将NULL作为“active”字段的默认值。通过使用while()函数打印$row['password']值找到它。最初没有显示任何内容,但更改数据库中的字段后,密码字段将正确显示。一切都很好。再次感谢。