PHP登录不工作。使用密码进行验证,似乎会导致一些问题
我不知道为什么它不起作用 Login.phpPHP登录不工作。使用密码进行验证,似乎会导致一些问题,php,forms,mysqli,submit,password-hash,Php,Forms,Mysqli,Submit,Password Hash,我不知道为什么它不起作用 Login.php $email = $_POST['email]; $password = $_POST['password]; $validEmail = filter_var($email, FILTER_VALIDATE_EMAIL); $getpassword = $connect->query("SELECT password FROM users WHERE email = '$validEmail'"); $row = $getpassword
$email = $_POST['email];
$password = $_POST['password];
$validEmail = filter_var($email, FILTER_VALIDATE_EMAIL);
$getpassword = $connect->query("SELECT password FROM users WHERE email = '$validEmail'");
$row = $getpassword->fetch_assoc();
$passVarify = password_varify($password, $row['password']);
$result = $objConnection->query("SELECT userid, privileges FROM users WHERE email = '$validEmail' && password = '$passVarify'");
if($result->num_rows > 0) {
$row = $result->fetch_assoc();
$userid = $_SESSION['userid'] = $row['userid'];
$privileges = $_SESSION['privileges'] = $row['privileges'];
}
有什么好主意吗?因为我一直在绞尽脑汁想弄明白为什么第一个“查询”有效而第二个无效 你让自己的生活很艰难 首先,密码验证()的结果为真或假,即验证或未验证。它不会解除密码的锁定。应该没有任何东西可以解除散列的哈希 另外,从数据库中获取数据不需要进行两次单独的调用 您也不需要将电子邮件地址从POST数组复制到标量变量中 因此,对于您的代码来说,这将是一个更简单的流程 此外,您实际上不需要过滤用户输入的密码。如果不正确,
验证密码()$result = $connect->query("SELECT userid, privilages, password
FROM users
WHERE email = '{$_POST['email']}'");
$user = $result->fetch_assoc();
if ( ! password_verify($_POST['password'], $user['password']) ) {
// show the password error screen
exit;
} else {
// save all the SELECTED user info into a sub array of SESSION
// to be used later
$_SESSION['user'] = $user;
}
password\u verify密码\u哈希/验证$stmt= $connect->query("SELECT userid, privilages, password
FROM users
WHERE email = ?");
$stmt->bind_param("s", $_POST['email']);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_array(MYSQLI_ASSOC);