[英]Cant login user with hash password previously created with signup query
I'm still such a noob. 我还是个菜鸟。 I'm trying to login a user using a hash_password previously created in signup query. 我正在尝试使用先前在注册查询中创建的hash_password登录用户。 I've been looking around here but I guess I don't understand how it works and need help understanding it. 我一直在这里逛逛,但我想我不明白它是如何工作的,需要帮助来理解它。
signup.php signup.php
if(isset($_POST['register'])){
// set parameters and insert in users table
$date_now = date('Y-m-d H:i:s');
$user_level =$_POST['user_level'];
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
//Store $hashedPassword in the database under the password column.
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
// prepare and bind // users table
$user = $db->prepare("INSERT INTO users (username, password, email,created) VALUES (?, ?, ?,?)");
$user->bind_param("ssss", $username,$hashedPassword, $email,$date_now);
$user->execute();
}
login.php login.php
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$hashedPassword = "SELECT id FROM users WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($db,$hashedPassword);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1 && (password_verify($mypassword,$hashedPassword))) {
$_SESSION['login_user'] = $myusername;
header("location: user/adminhome.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$hashedPassword = password_hash($password);
$query = "SELECT id FROM users WHERE username = '$username' and password = '$hashedPassword'";
$result = mysqli_query($db, $query);
Replace your login.php code with the following. 将您的login.php代码替换为以下内容。 I have made few tweaks to your code. 我对您的代码做了一些调整。 Hopefully it will work. 希望它会起作用。 Make sure to check the differences carefully. 确保仔细检查差异。 :) :)
<?php
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = $_POST['password']; // no need to real escape this
// query for getting hashed password for the $myusername
$hashedPasswordQry = "SELECT password FROM users WHERE username = '$myusername'";
$result = mysqli_query($db,$hashedPasswordQry);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1 && (password_verify($mypassword, $row['password']))) {
$_SESSION['login_user'] = $myusername;
header("location: user/adminhome.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.