[英]Can't login, trouble checking password?
Yesterday, I started making my own login+registration form. 昨天,我开始制作自己的登录+注册表格。
// ...Variable checking... // Final upload if ($errornum == 0){ if (!file_exists("../core/accounts/".$username.".php")) { $password_e = password_hash($password, PASSWORD_DEFAULT, ['cost' => 10]); $myFile = "../core/accounts/".$username.".php"; $fh = fopen($myFile, 'w'); $stringData = "<?php\\n\\$username_u = \\"{$username}\\";\\n\\$password_u = htmlentities(\\"{$password_e}\\", ENT_QUOTES);\\n\\$gender_u = \\"{$gender}\\";\\n\\$birth_day_u = \\"{$birth_day}\\";\\n\\$birth_month_u = \\"{$birth_month}\\";\\n\\$birth_year_u = \\"{$birth_year}\\";\\n\\$status_u = \\"{$status}\\";\\n\\$email_u = \\"{$email}\\";\\n\\$firstname_u = \\"{$firstname}\\";\\n\\$lastname_u = \\"{$lastname}\\";\\n\\$refer_u = \\"{$refer}\\";\\n?>"; fwrite($fh, $stringData); fclose($fh); } else {$username_error.="<div id='error'>Username taken</div>"; $errornum = $errornum + 1;} }
That's the registration upload thing. 那就是注册上传的东西。 What it does: it stores all of the user-entered variables in a file located at core/accounts/user-name.php.
它的作用:将所有用户输入的变量存储在位于core / accounts / user-name.php的文件中。
Here's the output of a file generated by the piece of code above: 这是上面的代码生成的文件的输出:
// The password is "dummypassword" // The file name, in this case, is "dummyfile.php" <?php $username_u = "dummyfile"; $password_u = htmlentities("$2y$10$1s7uJ4yM5u6KxKdiCh3P0.S/zQRDT4C9DtakCtmJvwR/SxwjVsXzC", ENT_QUOTES); $gender_u = "male"; $birth_day_u = "3"; $birth_month_u = "2"; $birth_year_u = "1977"; $status_u = "single"; $email_u = "dummyemail@gmail.com"; $firstname_u = "dummy"; $lastname_u = "dummy"; $refer_u = "me"; ?>
As you can see, the password got encrypted by the following 'command': 如您所见,密码已通过以下“命令”进行了加密:
password_hash($password, PASSWORD_DEFAULT, ['cost' => 10]);
I'm using htmlentities(); 我正在使用htmlentities(); to store the special characters contained in the password.
存储密码中包含的特殊字符。 And here comes the login script...
这是登录脚本...
// ...Self explanatory code above... No need to include $submit = trim(stripslashes(strip_tags(($_POST['submit'])))); if(!empty($submit)){ $username = trim(stripslashes(strip_tags(($_POST['username'])))); $password = trim(stripslashes(strip_tags(($_POST['password'])))); if(empty($username) || empty($password)){ $error=true; } else { if (file_exists("core/accounts/".$username.".php")) { include "core/accounts/".$username.".php"; } else {$error=true;} if(password_verify($password, $password_u)){ // Logged in!! $_SESSION['username'] = $username; header("location:home/"); exit; } else {$error=true;} }
Again, the real interesting part is the following 'command': 同样,真正有趣的部分是以下“命令”:
if(password_verify($password, $password_u)){
The thing is, it's not working. 问题是,它不起作用。 I can't login.
我无法登录。 It always tells me I have the wrong password!
它总是告诉我密码错误! I know the error must be caused by the commands I mentioned though.
我知道错误一定是由于我提到的命令引起的。
Any tips? 有小费吗?
if you are inclined to do what you are doing, but I don't understand it... 如果您倾向于做自己在做的事情,但我不明白...
change, this.... 改变,这个...。
if(password_verify($password, $password_u)){
to, this... 到...
if(password_verify($password, html_entity_decode($password_u))){
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.