我的PHP登录表单一直显示错误的密码
我的登录表单如下所示:我的PHP登录表单一直显示错误的密码,php,login,Php,Login,我的登录表单如下所示: <form class="form-signin" method="post" id="login-form"> <div id="img_container" class="imgcontainer"> <img src="../images/img_avatar2.png" alt="Avatar" class="avatar"> </div>
<form class="form-signin" method="post" id="login-form">
<div id="img_container" class="imgcontainer">
<img src="../images/img_avatar2.png" alt="Avatar" class="avatar">
</div>
<?php
if(isset($msg)){
echo $msg;
}
?>
<div id="container" class="container">
<label><b>Navn</b></label>
<input type="text" placeholder="Enter E-mail" name="email" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw" required>
<button type="submit" name="btn-login" id="btn-login">Login!</button>
<input type="checkbox" checked="checked"> Rember me
<span class="psw"><a href="#">Forgot your passowrd?</a></span>
</div>
</form>
<?php
session_start();
require_once '../db/dbconnect.php';
if (isset($_POST['btn-login'])) {
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['psw']);
$email = $DBcon->real_escape_string($email);
$password = $DBcon->real_escape_string($password);
$query = $DBcon->query("SELECT user_id, email, psw FROM Users WHERE email='$email'");
$row=$query->fetch_array();
$count = $query->num_rows; // if email/password are correct returns must be 1 row
if (password_verify($password, $row['psw']) && $count==1) {
$_SESSION['userSession'] = $row['user_id'];
header("Location: student.php");
} else {
$msg = "<div class='alert alert-danger'>
<span class='glyphicon glyphicon-info-sign'></span> Invalid E-mail or Password !
</div>";
}
$DBcon->close();
}
?>
password\u hash()此外:在散列之前,请确保或使用任何其他清理机制。这样做会更改密码并导致不必要的额外编码。请查看以下代码
session_start();
require_once '../db/dbconnect.php'; //Am assuming u are using PDO
if (isset($_POST['btn-login'])) {
$email = strip_tags($_POST['email']);
$password = $_POST['password'];
$query = "SELECT user_id, email, psw, FROM Users WHERE email = :email";
$queryStat = $DBcon->prepare($query);
$queryStat->execute(['email'=>$email]);
$row = $queryStat->fetch(PDO::FETCH_ASSOC);
$encryptedPassword = $row['psw'];
if (password_verify($password, $encryptedPassword)) { //No need for row count
$_SESSION['userSession'] = $row['user_id'];
header('Location: student.php');
}else{
$msg = "<div class='alert alert-danger'>
<span class='glyphicon glyphicon-info-sign'></span> Invalid E-mail or Password !
</div>";
}
}
session_start();
需要_once'../db/dbconnect.php'//我假设你正在使用PDO
如果(isset($_POST['btn-login'])){
$email=strip_标签($_POST['email']);
$password=$_POST['password'];
$query=“从电子邮件=:email的用户中选择用户标识、电子邮件、psw”;
$queryStat=$DBcon->prepare($query);
$queryStat->execute(['email'=>$email]);
$row=$queryStat->fetch(PDO::fetch\U ASSOC);
$encryptedPassword=$row['psw'];
如果(password\u verify($password,$encryptedPassword)){//不需要行计数
$\u SESSION['userSession']=$row['user\u id'];
标题('Location:student.php');
}否则{
$msg=”
无效的电子邮件或密码!
";
}
}
准备好的语句real\u escape\u string()strip\u tags()real\u escape\u string()session_start();
require_once '../db/dbconnect.php'; //Am assuming u are using PDO
if (isset($_POST['btn-login'])) {
$email = strip_tags($_POST['email']);
$password = $_POST['password'];
$query = "SELECT user_id, email, psw, FROM Users WHERE email = :email";
$queryStat = $DBcon->prepare($query);
$queryStat->execute(['email'=>$email]);
$row = $queryStat->fetch(PDO::FETCH_ASSOC);
$encryptedPassword = $row['psw'];
if (password_verify($password, $encryptedPassword)) { //No need for row count
$_SESSION['userSession'] = $row['user_id'];
header('Location: student.php');
}else{
$msg = "<div class='alert alert-danger'>
<span class='glyphicon glyphicon-info-sign'></span> Invalid E-mail or Password !
</div>";
}
}