[英]How to make login system with password_verify to work?
I am working on PHP/MYSQL register/login system for like a week and iam truly having issue with php password_hash and password_verify function...The register worked and the login with password_verify keeps failing and i do not understand why..Could somebody help out?我在 PHP/MYSQL 注册/登录系统上工作了大约一个星期,我确实遇到了 php password_hash 和 password_verify 函数的问题......注册有效,使用 password_verify 登录一直失败,我不明白为什么......有人可以帮忙出去? i really am desperate.
我真的很绝望。
Login part ..what i am trying to achieve 1-its check if email is empty or not and if is valid email..2--its check if password is empty or not.登录部分..我想要实现的目标 1-检查电子邮件是否为空以及电子邮件是否有效..2--检查密码是否为空。 3-if both $email and $password are ok..it makes connection to db.. then a-it checks if the email exists in table users, if not it requires to register..b-if the user exists in db, then it verify if the $password is same as passsword in db...if it is valid password..it echoes "valid"..and if not valid password..it echoes "invalide email/password"...that is what i am trying to achieve...
3-如果 $email 和 $password 都正常..它连接到 db.. 然后 a-它检查电子邮件是否存在于表用户中,如果不存在则需要注册..b-如果用户存在于 db 中,然后它验证 $password 是否与 db 中的密码相同......如果它是有效密码......它回显“有效”......如果不是有效密码......它回显“无效电子邮件/密码”......那就是我正在努力实现的目标...
Here i am posting the full code:我在这里发布完整的代码:
db design数据库设计
user_id(auto_increment/primary key)
email(unique, varchar)
password(varchar, 255)
register.php注册.php
<?php
$email=$password="";
$emailErr=$passwordErr="";
if (isset($_POST['submit'])) {
if (empty($_POST['email'])) {
$emailErr="Enter your email";
}
elseif (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === FALSE) {
$emailErr = "Invalid email";
}
else
{
$email= trim($_POST['email']);
}
if (empty($_POST['password'])) {
$passwordErr = "Enter your password";
}
elseif (strlen($_POST['password']) < 3) {
$passwordErr = "password must 4 length least";
}
else
{
$password = trim($_POST['password']);
}
// if everything is filled correct connect
if ($email && $password)
{
include_once'connect.php';
$sql = "SELECT COUNT(users.email) FROM users WHERE email = :email";
$s = $pdo->prepare($sql);
$s->bindValue(':email', $email);
$s->execute();
$result = $s->fetch(PDO::FETCH_NUM);
$resultvalue = $result[0];
//if email exist, stop the script
if ($resultvalue > 0) {
echo "Email already exist";
exit();
}
// if email not exist insert it
else
{
$sql = "INSERT INTO users (email,password) VALUES (:email, :password)";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':email', $email);
$stmt->bindValue(':password', password_hash($password, PASSWORD_DEFAULT));
$stmt->execute();
if ($stmt) {
echo "Values inserted";
exit();
}
else
{
echo "Insert values failed";
exit();
}
}
}
//if everything is not filled correct connect
else
{
$proceedErr = "Could not proceed";
}
}//submit
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Register page</title>
<style type="text/css">
form p label
{
display: block;
}
em
{
color: red;
font-style: normal;
}
</style>
</head>
<body>
<?php
if (isset($proceedErr)) {
echo $proceedErr;
}
?>
<form method="POST" action="">
<p>
<label for="email">Email :</label>
<input type="text" name="email" id="email" placeholder="Enter your email" value/><em><?php if(isset($emailErr)) echo $emailErr;?></em>
</p>
<p>
<label for="email">Password :</label>
<input type="password" name="password" id="password" placeholder="Enter your password" value/><em><?php if(isset($passwordErr)) echo $passwordErr;?></em>
</p>
<input type="submit" name="submit" id="submit" value="Register" />
</form>
</body>
</html>
login.php登录.php
<?php
$emailErr=$passwordErr="";
$email=$password="";
if (isset($_POST['submit'])) {
if (empty($_POST['email'])) {
$emailErr="Enter your email";
}
elseif (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === FALSE) {
$emailErr = "Enter valid email";
}
else
{
$email = trim($_POST['email']);
}
if (empty($_POST['password'])) {
$passwordErr="Enter your password";
}
else
{
$password= trim($_POST['password']);
}
if ($email && $password)
{
include_once'connect.php';
$sql = "SELECT user_id,email, password FROM users WHERE email = :email";
$s = $pdo->prepare($sql);
$s->bindValue(':email', $email);
$s->execute();
$result = $s->fetch(PDO::FETCH_ASSOC);
$resultvalue = count($result['email']);
print_r($result);
//if email do not exist, stop the script
if ($resultvalue < 1) {
echo "Your email do not exist, please register";
exit();
}
elseif (password_verify($password, $result['password'])) {
echo "valide password / email";
exit();
}
else
{
echo "InValid email / password";
exit();
}
}
else
{
echo "Email / password do not match";
}
}// end submit
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Login page</title>
<style type="text/css">
form p label
{
display: block;
}
em
{
color: red;
font-style: normal;
}
</style>
</head>
<body>
<form method="POST" action="">
<p>
<label for="email">Email :</label>
<input type="text" name="email" id="email" placeholder="Enter your email" value/><em><?php if(isset($emailErr)) echo $emailErr;?></em>
</p>
<p>
<label for="email">Password :</label>
<input type="password" name="password" id="password" placeholder="Enter your password" value/><em><?php if(isset($passwordErr)) echo $passwordErr;?></em>
</p>
<input type="submit" name="submit" id="submit" value="login" />
</form>
</body>
</html>
Tested the same scripts here and it worked.在这里测试了相同的脚本并且它起作用了。
I've received as answer "valide password / email", so this conditional statement "(password_verify($password, $result['password']))" returned true (line 51 within login.php).我收到的答案是“验证密码/电子邮件”,因此这个条件语句“(password_verify($password, $result['password']))”返回 true(login.php 中的第 51 行)。
Do you receive any error message or warning?您是否收到任何错误消息或警告?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.