Php 密码\u验证哈希密码
我有管理页面,将插入用户id,密码,角色。密码将在管理员插入新用户后散列。它工作正常,但当我尝试使用哈希密码登录时,它会弹出“无效用户或密码”。可能是因为我把密码放错地方了。有人能帮帮我吗 下面是我的代码 login.phpPhp 密码\u验证哈希密码,php,Php,我有管理页面,将插入用户id,密码,角色。密码将在管理员插入新用户后散列。它工作正常,但当我尝试使用哈希密码登录时,它会弹出“无效用户或密码”。可能是因为我把密码放错地方了。有人能帮帮我吗 下面是我的代码 login.php <?php session_start(); // Starting Session $error=''; // Variable To Store Error Message if (isset($_POST['submit'])) { if (empty($_PO
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "","company");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($connection, $username);
$password = mysqli_real_escape_string($connection, $password);
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query($connection, "select * from login where password='$password' AND username='$username'");
$row=mysqli_fetch_assoc($query);
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$pwdCheck = password_verify($password,$row['password']); $_SESSION['user']=array(
'username'=>$row['username'],
'password'=>$row['password'],
'role'=>$row['role']
);
$role=$_SESSION['user']['role'];
//Redirecting User Based on Role
switch($role){
case 'user':
if ($pwdCheck == true)
header("location: index.php"); // Redirecting To Other Page
break;
case 'admin':
if ($pwdCheck == true)
header("location: adminindex.php"); // Redirecting To Other Page
break;
}
}
else {
$error = "Username or Password is invalid";
}
mysqli_close($connection); // Closing Connection
}
}
?>
更改您的select查询:在where情况下,仅使用用户名
<?php
$username=$_POST['username'];
$password=$_POST['password'];
$query = mysqli_query($connection, "select * from login WHERE username='$username'");
$row=mysqli_fetch_assoc($query);
$rows = mysqli_num_rows($query);
if ($rows == 1) {
if (password_verify($password, $row['password'])) {
echo 'Password is valid!';
if($role=$_SESSION['user']['role'] == 'user'){
header("location: index.php");
}elseif($role=$_SESSION['user']['role'] == 'admin'){
header("location: adminindex.php");
}
} else {
$error = "Password is invalid";
}
}else{
$error = "Username is invalid";
}
?>
在select查询中,您无法匹配密码,您只需匹配用户名,然后检查密码取出密码=“$password”
。同时删除条斜杠,您最好使用参数化查询。我计划从mysqli non prepare更改为mysqli with prepare语句,但更改所有顺便说一句,当我取出密码=“$password.”:)时,登录就起作用了,因为哈希版本不等于纯文本版本。是的,准备的会更好。呃,但是当我取出密码=“$password”时。用户可以自由登录。如何???我想根据用户角色重定向用户。这让我搞不清楚如何输入验证密码。我仍然没有找到解决方案。在有效密码部分,如果条件为($role=$\u SESSION['user']['role']='user'){header(“location:index.php”);}elseif($role=$\u SESSION['user']['role']='admin'){header(“location:admindex.php”)}你最好使用准备好的语句,而不是headit不起作用。。我无法登录。显示“用户名无效”。我在管理页面中插入密码“1234”。然后,在登录页面中,我还添加了“1234”。但它仍然不起作用。嗯,“用户名无效”是指根据条件键入错误的用户名。
<?php
$username=$_POST['username'];
$password=$_POST['password'];
$query = mysqli_query($connection, "select * from login WHERE username='$username'");
$row=mysqli_fetch_assoc($query);
$rows = mysqli_num_rows($query);
if ($rows == 1) {
if (password_verify($password, $row['password'])) {
echo 'Password is valid!';
if($role=$_SESSION['user']['role'] == 'user'){
header("location: index.php");
}elseif($role=$_SESSION['user']['role'] == 'admin'){
header("location: adminindex.php");
}
} else {
$error = "Password is invalid";
}
}else{
$error = "Username is invalid";
}
?>