Fatal编程技术网
  • php/
  • Php 加密登录密码

Php 加密登录密码

php

Php 加密登录密码,php,Php,有人能看到我的代码有什么问题吗?当我尝试登录时,它无法识别密码。我有非常类似的代码管理,它是工作,但这一个不是 function register_client(){ if(isset($_POST['register'])){ $client_name = escape_string($_POST['client_name']); $client_surname = escape_string($_POST['client_surname']); $c

有人能看到我的代码有什么问题吗?当我尝试登录时,它无法识别密码。我有非常类似的代码管理,它是工作,但这一个不是

function register_client(){

  if(isset($_POST['register'])){

    $client_name     = escape_string($_POST['client_name']);
    $client_surname  = escape_string($_POST['client_surname']);
    $client_email    = escape_string($_POST['client_email']);
    $client_phone    = escape_string($_POST['client_phone']);
    $client_password = escape_string($_POST['client_password']);
    $country         = escape_string($_POST['country']);
    $city            = escape_string($_POST['city']);
    $zip_code        = escape_string($_POST['zip_code']);
    $client_address  = escape_string($_POST['client_address']);

    $client_password = password_hash($password, PASSWORD_BCRYPT, array('cost' =>10));
    $get_query = query("SELECT client_email FROM client_db");
    confirm($get_query);
    $tem = 0;
    while($row = fetch_array($get_query)){
    $check_mail = $row['client_email'];
      if($client_email === $check_mail){
        $tem++;

      }
    }

    if($tem === 0){

      $query = query("INSERT INTO client_db(client_name, client_surname, client_email, client_password, client_phone, country, city, zip_code, client_address) VALUES('{$client_name}', '{$client_surname}', '{$client_email}', '{$client_password}',  '{$client_phone}', '{$country}', '{$city}', '{$zip_code}', '{$client_address}') ");
      confirm($query);
      redirect("client_login.php");
    }else{
      set_message("incorrect email address");
    }
  }
}

function login_client(){

  if(isset($_POST['submit_client'])){

    $user_email = escape_string($_POST['client_email']);
    $password = escape_string($_POST['client_password']);

    $query = query("SELECT * FROM client_db WHERE client_email = '{$user_email}' ");
    confirm($query);

    while($row = fetch_array($query)){
    $db_password = $row['client_password'];

    $client_id = $row['client_id'];
}

      if(password_verify($password, $db_password)){

      $_SESSION['user_login'] = $client_id;

      redirect("index.php?id={$client_id}");
    }
    else{

          set_message("Your username or password are incorect! ");


          redirect("client_login.php");
    }
  }
}
也许这行是错的,因为$password在这里是未知的:

$client_password = password_hash($password, PASSWORD_BCRYPT, array('cost' =>10));
应该是:

$client_password = password_hash($client_password, PASSWORD_BCRYPT, array('cost' =>10));
嗨,谢谢。它现在正在工作。