密码正确时显示的PHP登录验证消息
我已经使用PHP为我的网站创建了一个登录页面。对于验证,我希望在用户名不存在、密码错误或用户未输入其中一个密码时显示错误消息。除了验证密码是否正确外,我的大多数验证都有效。我使用的代码如下。我相信问题出在密码验证if语句上。即使密码正确,也会出现提示用户密码不正确的错误消息密码正确时显示的PHP登录验证消息,php,validation,authentication,password-hash,Php,Validation,Authentication,Password Hash,我已经使用PHP为我的网站创建了一个登录页面。对于验证,我希望在用户名不存在、密码错误或用户未输入其中一个密码时显示错误消息。除了验证密码是否正确外,我的大多数验证都有效。我使用的代码如下。我相信问题出在密码验证if语句上。即使密码正确,也会出现提示用户密码不正确的错误消息 <?php // Initalise session session_start(); //Check if the user is already logged in, if yes then redirect t
<?php
// Initalise session
session_start();
//Check if the user is already logged in, if yes then redirect to members page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
header("location: members.php");
exit;
}
//Include config file
require_once "config.php";
//Define variables and initalise with empty values
$username = $password = "";
$username_err = $password_err = "";
//Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
//Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = "Please enter your username.";
} else{
$username = trim($_POST["username"]);
}
//Check if password is empty
if(empty(trim($_POST["password"]))){
$password_err = "Please enter your password.";
} else{
$password = trim($_POST["password"]);
}
//Validate credentials
if(empty($username_err) && empty($password_err)){
//Prepare a select statement
$sql = "SELECT username, password FROM users WHERE username = ?";
if($stmt = $mysqli->prepare($sql)){
//Bind variables to the prepared statement as parameters
$stmt->bind_param("s", $param_username);
//Set parameters
$param_username = $username;
//Attempt to execute the prepared statement
if($stmt->execute()){
//Store result
$stmt->store_result();
//Check if username exists, if yes then verify password
if($stmt->num_rows == 1){
//Bind result variables
$stmt->bind_result($username, $password);
if($stmt->fetch()){
if(password_verify($password, $_POST['password'])){
//Password is correct, so start a new session
session_start();
//Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["username"] = $username;
//Redirect user to members page
header("location: members.php");
} else {
//Display an error message if password is not valid
$password_err = "The password you entered was not valid.";
}
}
} else{
//Display an error message if username doesn't exist
$username_err = "No account found with that username.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
//Close statement
$stmt->close();
}
}
//Close connection
$mysqli->close();
}
?>
您有自己的变量:
应该是
if(password_verify($_POST['password'], $password)){
注释
在散列之前,不需要对它们执行任何操作或使用任何其他清理机制。这样做会更改密码并导致不必要的额外编码
,确保存储密码的列更大,以便处理未来的哈希算法VARCHAR(255)
或TEXT
有足够的存储空间来容纳将来的散列。感谢您的回复!我翻转了变量,但不幸的是,我仍然存在问题。请尝试将true
添加到语句if(password\u verify($\u POST['password',$password)==true)
您将密码存储在多大的列中?当你储存密码时,你是否正在修改密码?在散列之前,不需要对它们执行任何操作或使用任何其他清理机制。这样做会更改密码并导致不必要的额外编码。@Chloe17您必须重新开始并创建新的哈希值。我重新设置了密码,现在一切正常,谢谢您的反馈!确保存储密码的列至少为varchar(60)。并确保您输入了正确的密码(以防万一)显示您是如何散列密码的
if(password_verify($_POST['password'], $password)){