PHP登录页面存在哈希密码问题
因此,我正在尝试创建一个简单的登录结构,我不知道为什么它不起作用,我感谢这里有很多例子,请不要将此标记为重复,我只是真的需要一些帮助,我已经尝试了很多次,但我看不出我做错了什么PHP登录页面存在哈希密码问题,php,mysql,mysqli,Php,Mysql,Mysqli,因此,我正在尝试创建一个简单的登录结构,我不知道为什么它不起作用,我感谢这里有很多例子,请不要将此标记为重复,我只是真的需要一些帮助,我已经尝试了很多次,但我看不出我做错了什么 <?php session_start(); include 'databaseconnection.php'; $email = strip_tags($_POST['email']); $pwd = strip_tags($_POST['pwd']); $sql = "SELECT * FROM user
<?php
session_start();
include 'databaseconnection.php';
$email = strip_tags($_POST['email']);
$pwd = strip_tags($_POST['pwd']);
$sql = "SELECT * FROM user WHERE email='$email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd'];
$hash = password_verify($pwd, $hash_pwd);
if ($hash == 0) {
header("Location: error.php")
exit();
} else {
$sql = "SELECT * FROM user WHERE email='$uid' AND pwd ='$hash_pwd'";
$result = mysqli_query($conn, $sql);
if (!row = mysqli_fetch_assoc($result)); {
echo "your email address or password is incorrect!";
} else {
$_SESSION['id'] = $row['id'];
}
header("Location: profile.php")
第一次检查请求第二次过滤器输入第三次使用pdo
简单的代码就在这里
<?php
session_start();
include 'databaseconnection.php';
$email = $_POST['email'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM user WHERE email = '$email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd']; // password from database
// if password is valid start session and redirect to profile.php
if (password_verify($pwd, $hash_pwd))
{
$_SESSION['id'] = $row['id'];
header('Location: profile.php');
}
else
{
header("Location: error.php")
exit();
}
?>
您没有关闭“}else{”…部分。您不能“反散列”密码。散列密码的全部意义在于它是一个单向操作。也许我使用了错误的短语,但使用password\u验证不会对输入的密码进行散列,并检查它是否与数据库上存储的散列相同?什么“不起作用”意思是?当我填写登录页面表单时,我得到一个错误,“此页面不工作”验证给定的哈希是否与给定的密码匹配。Muntadher那太好了!但是关于PDO?我不熟悉
<?php
session_start();
include 'databaseconnection.php';
$email = $_POST['email'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM user WHERE email = '$email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd']; // password from database
// if password is valid start session and redirect to profile.php
if (password_verify($pwd, $hash_pwd))
{
$_SESSION['id'] = $row['id'];
header('Location: profile.php');
}
else
{
header("Location: error.php")
exit();
}
?>