Fatal编程技术网
  • php/
  • PHP登录页面存在哈希密码问题

PHP登录页面存在哈希密码问题

php mysql

PHP登录页面存在哈希密码问题,php,mysql,mysqli,Php,Mysql,Mysqli,因此,我正在尝试创建一个简单的登录结构,我不知道为什么它不起作用,我感谢这里有很多例子,请不要将此标记为重复,我只是真的需要一些帮助,我已经尝试了很多次,但我看不出我做错了什么 <?php session_start(); include 'databaseconnection.php'; $email = strip_tags($_POST['email']); $pwd = strip_tags($_POST['pwd']); $sql = "SELECT * FROM user

因此,我正在尝试创建一个简单的登录结构,我不知道为什么它不起作用,我感谢这里有很多例子,请不要将此标记为重复,我只是真的需要一些帮助,我已经尝试了很多次,但我看不出我做错了什么

<?php

session_start();
include 'databaseconnection.php';

$email = strip_tags($_POST['email']);
$pwd = strip_tags($_POST['pwd']);

$sql = "SELECT * FROM user WHERE email='$email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd'];
$hash = password_verify($pwd, $hash_pwd);

if ($hash == 0) {
  header("Location: error.php")
  exit();
} else {

$sql = "SELECT * FROM user WHERE email='$uid' AND pwd ='$hash_pwd'";
$result = mysqli_query($conn, $sql);

if (!row = mysqli_fetch_assoc($result)); {
  echo "your email address or password is incorrect!";
} else {
  $_SESSION['id'] = $row['id'];
}

header("Location: profile.php")

第一次检查请求第二次过滤器输入第三次使用pdo


简单的代码就在这里


<?php

session_start();
include 'databaseconnection.php';

$email = $_POST['email'];
$pwd = $_POST['pwd'];

$sql = "SELECT * FROM user WHERE email = '$email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd']; // password from database

// if password is valid start session and redirect to profile.php
if (password_verify($pwd, $hash_pwd))
{
    $_SESSION['id'] = $row['id'];
    header('Location: profile.php');
}
else
{
    header("Location: error.php")
    exit();
}

?>





您没有关闭“}else{”…部分。
您不能“反散列”密码。散列密码的全部意义在于它是一个单向操作。也许我使用了错误的短语,但使用password\u验证不会对输入的密码进行散列,并检查它是否与数据库上存储的散列相同?什么“不起作用”意思是?当我填写登录页面表单时,我得到一个错误,“此页面不工作”验证给定的哈希是否与给定的密码匹配。Muntadher那太好了!但是关于PDO?我不熟悉

<?php

session_start();
include 'databaseconnection.php';

$email = $_POST['email'];
$pwd = $_POST['pwd'];

$sql = "SELECT * FROM user WHERE email = '$email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd']; // password from database

// if password is valid start session and redirect to profile.php
if (password_verify($pwd, $hash_pwd))
{
    $_SESSION['id'] = $row['id'];
    header('Location: profile.php');
}
else
{
    header("Location: error.php")
    exit();
}

?>