我的登录页面始终显示数据不正确。 找不到错误
[英]My login page always shows that data is incorrect. Cant find the bug
问题描述
Here's my code: 
这是我的代码:
<?php
try {
$connection = new PDO("mysql:host=localhost;dbname=tp1-2015_groep2", "utp1-2015_groep2", "bB5HvUC7MV7mqpWp");
$connection->query("SET NAMES utf8");
echo "<p id='popupg'>Heeft u al een account? U kunt nu inloggen!</p>";
} catch (PDOException $exception) {
echo "<p id='popupr'>U bent NIET verbonden! Probeer alstublieft opnieuw te verbinden!</p>";
exit;
}
function hashedPassword($username, $password) {
return hash ("sha512", $username.$password);
}
//zodra het login knop ingedrukt wordt..
if(isset($_POST['login'])){
//Verkrijg de info binnen van onze formulier
$username = $_POST['username'];
$password = $_POST['password'];
//Haal de geselecteerde velden op
$sql = $connection->prepare ("SELECT id, username, password FROM gebruikersgegevens WHERE username = :username AND password = :password");
$passwordHash = hashedPassword($username, $password);
//Koppel de onderstaande waarden aan elkaar
$sql->bindValue(':username', $username, PDO::PARAM_STR);
$sql->bindValue(':password', $passwordHash, PDO::PARAM_STR);
//Voer het voorbereidde query uit
$sql->execute();
if ($sql->execute()) {
//Haal rij op..
$sql->fetch();
//kijken of de rijen kloppen..
$count = $sql->rowCount();
if ($count !== 0) {
//Zodra count "true" geeft, vergelijk wachtwoorden..
$validPassword = password_verify($password, $user['password']);
if ($validPassword) {
//Bied de gebruiker een login sessie aan.
$_SESSION['user_id'] = $user['id'];
$_SESSION['logged_in'] = time();
$_SESSION['username'] = $_POST['username'];
//Stuurt de gebruiker door naar het onderstaande link..
header('Location: index.php');
exit;
} else {
die('<p id="popupr">Het verifiëren is fout gegaan!</p>');
}
} else {
//een tijdelijke error oplossing!
echo '<p id="popupr">De combinatie van wachtwoord en gebruikersnaam klopt niet!</p>';
}
}
}
I have to make a blog for school where you need to be able to register and login. 我必须为学校创建一个博客,您需要在这里注册和登录。 But the login page doesn't really work. 但是登录页面实际上并不起作用。 Can't find the bug. 找不到错误。 I tried so many things, but nothing worked. 我尝试了很多事情,但没有任何效果。 It always says the combination to login is wrong. 总是说登录组合是错误的。 I already think where it goes wrong, but I can't find what's wrong. 我已经想到哪里出了问题,但是我找不到问题所在。 It's where the password is getting verified. 在此验证密码。
2 个解决方案
解决方案1
0 2016-02-24 16:13:00
You're doing double work. 您正在做双重工作。 For one you're retrieving rows from the table which match both the username and password and then later you're comparing the password which is hashed using a different hashing method to the hashed password. 对于其中一个,您要从表中检索与username和password都匹配的行,然后再将使用不同哈希方法哈希的密码与哈希密码进行比较。 Later you're accessing $user which hasn't been set yet (You're using $sql->fetch() without assigning the result into a variable). 稍后,您将访问尚未设置的$user (您正在使用$sql->fetch()而不将结果分配给变量)。
You also had a double $sql->execute() . 您还具有一个双重$sql->execute() 。 Which (if it returns false) means something went wrong with the query, not that there aren't any rows. 哪一个(如果返回false)表示查询出了点问题,而不是没有任何行。
Try the following, 尝试以下方法
<?php
session_start();
if(isset($_POST['login'])){
//Verkrijg de info binnen van onze formulier
$username = $_POST['username'];
$password = $_POST['password'];
//Haal de geselecteerde velden op
$sql = $connection->prepare ("SELECT id, username, password FROM gebruikersgegevens WHERE username = :username AND password = :password");
$passwordHash = hashedPassword($username, $password);
//Koppel de onderstaande waarden aan elkaar
$sql->bindValue(':username', $username, PDO::PARAM_STR);
$sql->bindValue(':password', $passwordHash, PDO::PARAM_STR);
//Voer het voorbereidde query uit
if ($sql->execute()) {
//Haal rij op.. (En sla op in $user)
$user = $sql->fetch();
//kijken of de rijen kloppen..
$count = $sql->rowCount();
if ($count > 0) {
//Bied de gebruiker een login sessie aan.
$_SESSION['user_id'] = $user['id'];
$_SESSION['logged_in'] = time();
$_SESSION['username'] = $_POST['username'];
//Stuurt de gebruiker door naar het onderstaande link..
header('Location: index.php');
exit;
} else {
die('<p id="popupr">Het verifiëren is fout gegaan!</p>');
}
} else {
//een tijdelijke error oplossing!
// Je komt alleen hier als de query mislukt is (fout in de query of database).
echo '<p id="popupr">De combinatie van wachtwoord en gebruikersnaam klopt niet!</p>';
}
}
解决方案2
-1 2016-02-24 10:05:56
You use password_verify() to verifiy password but you generate hash with hash() function. 您使用password_verify()验证密码,但是使用hash()函数生成哈希。 Try to change hash() to password_hash() . 尝试将hash()更改为password_hash() 。 See password_verify() documentation . 请参阅password_verify()文档 。 password_hash() using crypt() to generate password see password_hash documentation . password_hash()使用crypt()生成密码,见password_hash文档 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.