[英]My LogIn PHP form doesn't work. I believe that my $hash = $row['password']; is the problem, but am not really sure
I'm currently in the process of creating my first website with PHP.我目前正在使用 PHP 创建我的第一个网站。 I have created a MySQL database with a database and a table called "users" with the columns in order from left to right, "Personalid" (AUTOINCREMENT), "username" & "password" (hashed using password_hash($POST_['password'])
.我创建了一个 MySQL 数据库,其中包含一个数据库和一个名为“users”的表,其列从左到右依次为“Personalid”(AUTOINCREMENT)、“username”和“password”(使用password_hash($POST_['password'])
。
Here is my HTML code for the form below这是下面表格的 HTML 代码
<form method="post" action="idk.php">
<h1>Sign In</h1>
<br>
<input type="text" placeholder="Username" name="username"/>
<input type="password" placeholder="Password" name="password"/>
<button type="submit" name="submit" value="Login">Sign In</button>
</form>
Here's my php form, called idk.php这是我的 php 表格,名为 idk.php
<?php
$conn=mysqli_connect('localhost','root','root',"user_hirsa");
if(!$conn){
die('Could not Connect My Sql:' .mysql_error());
}
else {
echo "Connected";
}
?>
<?php
$stmt = $conn->prepare("SELECT username, password FROM users WHERE username = ?");
$stmt->bind_param('s', $myusername);
$myusername = $_POST['username'];
$mypassword = $_POST['password'];
$hash = $row['password'];
$stmt->execute();
$stmt->bind_result($myusername, $mypassword);
$row = $stmt->fetch(); //fetch DB results
if (!empty($row)) { // checks if the user actually exists(true/false returned)
if (password_verify($mypassword, $hash)) {
echo 'success'; // password_verify success!
} else {
echo 'failed';
}
} else {
echo "This user does not exist"; //username entered does not match any in DB
}
$stmt->close();
$conn->close();
?>
I believe that my problem is with the $hash = $row['password']
, but I don't really know.我相信我的问题在于$hash = $row['password']
,但我真的不知道。 My outcome is "connected" for the database connection, but always "failed", even if I enter a correct password.我的结果是数据库连接“已连接”,但总是“失败”,即使我输入了正确的密码。 When I enter a wrong username it displays "This user does not exist", so no problem there.当我输入错误的用户名时,它会显示“此用户不存在”,所以没有问题。
You are almost correct.你几乎是正确的。 The hash should come from the database. hash 应该来自数据库。 A better naming convention for your variables maybe would help notice the mistake.更好的变量命名约定可能有助于发现错误。
I made few changes to your script:我对您的脚本做了一些更改:
<?php
// enable error reporting
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'root', 'root', "user_hirsa");
// you should set the correct charset here
// $conn->set_charset('utf8mb4');
<?php
$myusername = $_POST['username'];
$mypassword = $_POST['password']; // plain password coming from login form
$stmt = $conn->prepare("SELECT password FROM users WHERE username = ?");
$stmt->bind_param('s', $myusername);
$stmt->execute();
// bind columns to variables
$stmt->bind_result($hashInDB);
$row = $stmt->fetch(); //fetch DB results
if ($row) { // checks if the user actually exists(true/false returned)
if (password_verify($mypassword, $hashInDB)) {
echo 'success'; // password_verify success!
} else {
echo 'failed';
}
} else {
echo "This user does not exist"; //username entered does not match any in DB
}
// you don't need these
// $stmt->close();
// $conn->close();
Generally it is a bad idea to let others know which user does/doesn't exist in the database.通常,让其他人知道数据库中存在/不存在哪个用户是一个坏主意。 Just say that credentials are incorrect.只是说凭据不正确。
It appears you are trying to access $row before it is instantiated.看来您正在尝试在 $row 实例化之前访问它。 As such, your $hash will be null.因此,您的 $hash 将为 null。 Try setting your hash after retrieving the results.检索结果后尝试设置您的 hash。
$row = $stmt->fetch();
$hash = $row['password'];
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.