Php 使用密码\u散列的登录系统
我试图登录管理员添加的用户,但当我按login时,什么也没发生,只是一个标题为login.php的空白页面。 以下是我用于添加用户的代码:Php 使用密码\u散列的登录系统,php,sql,session,password-hash,Php,Sql,Session,Password Hash,我试图登录管理员添加的用户,但当我按login时,什么也没发生,只是一个标题为login.php的空白页面。 以下是我用于添加用户的代码: <?php include "connection.php"; ?> <!DOCTYPE html> <html> <head> <title>Add students</title> <link rel="stylesheet" type="
<?php
include "connection.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Add students</title>
<link rel="stylesheet" type="text/css" href="boosttrap.min.css">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<form action="adduser.php" method="POST">
<div>
<h2>
Username will be generated automatically
</h2>
<br/>
<label>Password</label>
<input type="password" name="s_password" class="form-control" placeholder="Enter new passowrd">
<br/>
<label>Name</label>
<input type="text" name="s_name" class="form-control" placeholder="Enter name">
<br/>
<label>Surname</label>
<input type="text" name="s_surname" class="form-control" placeholder="Enter surname">
<br/>
<label>Date of birth</label>
<input type="date" name="s_dob" class="form-control" placeholder="Enter Date of birth">
<br/>
<label>Year group</label>
<select name ="s_yeargroup">
<option selected = "true" disabled="disabled"> Select one from below...</option>
<option value=1 >7</option>
<option value=2> 8</option>
<option value=3> 9</option>
<option value=4> 10</option>
<option value=5> 11</option>
</select>
<br/>
<button type="sumbit" name="btnAddUser" class="float" value ="Login">Create New User</button>
</div>
</form>
<a href="../logout.php">Logout</a>
</body>
<?php
if(isset($_POST["btnAddUser"])){
$hashed_password = password_hash($_POST['s_password'], PASSWORD_DEFAULT);
$name = $_POST["s_name"];
$surname = $_POST["s_surname"];
$dob = $_POST["s_dob"];
$yeargroup = $_POST["s_yeargroup"];
$usernamenew = substr($name, 0, 1);
$usernamenew1 = substr($surname, 0, 4);
$usernamenew3= $usernamenew.$usernamenew1;
$sql = "INSERT INTO tbluser (Username, Password, Role) VALUES ('$usernamenew3', '$hashed_password', 'Student')";
if(!mysqli_query($conn,$sql))
{
echo "Error with Username or password";
}
else
{
echo "Username and password created successfully. The username is ".$usernamenew3.".";
}
$sql4= "SELECT ID FROM tbluser WHERE Username = '$usernamenew3'";
$result1= mysqli_query($conn,$sql4);
$row= mysqli_fetch_assoc($result1);
$userid=$row['ID'];
$sql1 = "INSERT INTO student (name, surname, dob, yeargroup_id, tbluser_ID) VALUES ('$name','$surname','$dob','$yeargroup','$userid')";
if(!mysqli_query($conn,$sql1))
{
echo "Error with Student info";
}
else
{
echo " \r\nStudent has been added successfully.";
}
}
?>
添加学生
用户名将自动生成
密码
名称
姓
出生日期
年组
从下面选择一个。。。
7.
8.
9
10
11
创建新用户
您可以使用password\u hash()
和password\u verify()
您只能从表中选择用户名
和密码
列。因此,$row[“Role”]
将不会被设置,并且所有if
条件都不会成功。因此,您应该得到错误角色未被识别
将其更改为:
$stmt=$conn->prepare("SELECT Username, Password, Role, ID FROM tbluser WHERE Username = ? ");
另外,添加else
语句,以便在登录失败时知道哪个条件失败
<?php
if(isset($_POST["btnLogin"]))
{
$password = $_POST["password"];
$stmt=$conn->prepare("SELECT Username, Password FROM tbluser WHERE Username = ? ");
$stmt-> bind_param("s",$_POST["username"]);
$stmt->execute();
$result = $stmt->get_result();
if(mysqli_num_rows($result) > 0)
{
$row = mysqli_fetch_assoc($result);
if(password_verify($password, $row["Password"]))
{
if($row["Role"] == "Admin")
{
$_SESSION['AdminUser'] = $row["Username"];
$_SESSION['adminid']= $row["ID"];
$_SESSION['role'] = $row["Role"];
header('Location: admin/admin.php');
}
elseif($row["Role"] == "Teacher")
{
$_SESSION['ProfUser'] = $row["Username"];
$_SESSION['teacherid']= $row["ID"];
$_SESSION['role'] = $row["Role"];
header('Location: teacher/prof.php');
}
elseif($row["Role"] == "Student")
{
$_SESSION['StudentUser'] = $row["Username"];
$_SESSION['studentid']= $row["ID"];
$_SESSION['role'] = $row["Role"];
header('Location: student/student.php');
}
else
echo "Role is not recognised";
} else {
echo "Password incorrect";
}
} else {
echo "Username not found";
}
} else {
echo "Form not submitted correctly";
}
从文档中,password\u hash
withpassword\u BCRYPT
生成一个60个字符长的字符串,其他算法可能会生成更长的字符串。数据库中的密码字段只有45个字符
根据文档中的建议,您应该将字段大小增加到255。您正在将数据库中的用户名设置为$usernamenew.$usernamenew1但是当你检查登录时你没有这样做。你为什么这样弄乱用户名?@Barmar这是我的a级课程的学校门户,我的学校给用户名的方式总是你名字的第一个字母,你姓氏的前4个字母,所以我试着复制它。无论如何,我使用$u POST['username']获取用户名,所以我不明白为什么我在数据库中添加用户名的方式会有所不同?我知道你知道如何使用准备好的语句,因为你在登录页面中使用它。您也应该在注册脚本中使用它。您的列长度是45,但应该是255。谢谢,我更改了它,但它仍然是一个空白页。您应该添加更多的else
语句,以便知道login.php
中的条件失败时的。错误现在只是密码不正确,但无论如何,谢谢,这是非常有用的
<?php
if(isset($_POST["btnLogin"]))
{
$password = $_POST["password"];
$stmt=$conn->prepare("SELECT Username, Password FROM tbluser WHERE Username = ? ");
$stmt-> bind_param("s",$_POST["username"]);
$stmt->execute();
$result = $stmt->get_result();
if(mysqli_num_rows($result) > 0)
{
$row = mysqli_fetch_assoc($result);
if(password_verify($password, $row["Password"]))
{
if($row["Role"] == "Admin")
{
$_SESSION['AdminUser'] = $row["Username"];
$_SESSION['adminid']= $row["ID"];
$_SESSION['role'] = $row["Role"];
header('Location: admin/admin.php');
}
elseif($row["Role"] == "Teacher")
{
$_SESSION['ProfUser'] = $row["Username"];
$_SESSION['teacherid']= $row["ID"];
$_SESSION['role'] = $row["Role"];
header('Location: teacher/prof.php');
}
elseif($row["Role"] == "Student")
{
$_SESSION['StudentUser'] = $row["Username"];
$_SESSION['studentid']= $row["ID"];
$_SESSION['role'] = $row["Role"];
header('Location: student/student.php');
}
else
echo "Role is not recognised";
} else {
echo "Password incorrect";
}
} else {
echo "Username not found";
}
} else {
echo "Form not submitted correctly";
}