[英]Login system with password_verify()
I'm trying to make a login system with hashed passwords.我正在尝试使用散列密码制作登录系统。 What is supposed to happen is after I click on the submit button a session should be created and I should be redirected to home.php.
应该发生的事情是在我点击提交按钮后,应该创建一个会话,我应该被重定向到 home.php。 If input data doesn't match the data inside the database I should get "Error 1" or "Error 2" alerts.
如果输入数据与数据库内的数据不匹配,我应该收到“错误 1”或“错误 2”警报。
My problem is that when I click on a submit button all that happens is that I get redirected to login.php.我的问题是,当我点击提交按钮时,所有发生的事情就是我被重定向到 login.php。 I get no errors and no alerts, only blank screen with login.php URL.
我没有收到错误和警报,只有带有 login.php URL 的空白屏幕。
I'm trying to figure how to make the password_verify() part work.我想弄清楚如何使 password_verify() 部分工作。 Any kind of help is appreciated.
任何形式的帮助表示赞赏。
Picture of database: https://imgur.com/a/BXiHBN4数据库图片: https : //imgur.com/a/BXiHBN4
Picture of what happens after a login attempt: https://imgur.com/a/qKZ1tsi登录尝试后发生的情况的图片: https : //imgur.com/a/qKZ1tsi
Form code:表格代码:
<html>
<head>
<title> Login now! </title>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/style.css"/>
</head>
<body>
<header>
<div class="alignRight">
<a href="registration.html"> Register </a>
</div>
<div class="alignLeft">
<a href="contact.html"> Contact us </a>
<a href="aboutus.html"> About us </a>
<a href="news.html"> News </a>
</div>
</header>
<h1> Welcome back! </h1>
<h2> Log in to continue with your work. </h2>
<form name="login-form" id="login-form" action="login.php" method="post">
<input class="_40" type="text" name="username" pattern="[a-zA-Z0-9_]{1,15}"
placeholder="Username" required />
<br />
<input class="_40" type="password" name="pwd" placeholder="Password" required />
<br />
<input id="loginSubmitButton" type="submit" value="Submit" />
</form>
</body>
</html>
PHP code: PHP代码:
<?php
session_start();
$servername ="localhost";
$username = "root";
$password = "";
$link = mysqli_connect($servername, $username, $password);
mysqli_select_db($link, "users");
$username = mysqli_real_escape_string($link, $_POST["username"]);
$pwd = mysqli_real_escape_string($link, $_POST["pwd"]);
$query = "SELECT * FROM users WHERE Username = '$username'";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_assoc($result);
if(($result->num_rows > 0))
{
while($row = mysqli_fetch_array($result))
{
if(password_verify($pwd, $row["Hash"]))
{
$_SESSION["username"] = $username;
header("location:home.php");
}
else
{
echo '<script>alert("Error 1")</script>';
}
}
}
else
{
echo '<script>alert("Error2")</script>';
}
?>
I think I see the problem.我想我看到了问题。
It looks like you're probably fetching the only row from the results before the if看起来您可能在 if 之前从结果中获取唯一的行
$row = mysqli_fetch_assoc($result);
Then when you fetch again here, there's nothing left to fetch.然后当你再次在这里取货时,就没有什么可取的了。
if(($result->num_rows > 0))
{
while($row = mysqli_fetch_array($result))
(I'm assuming the query will only return one row since username is unique.) (我假设查询只会返回一行,因为用户名是唯一的。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.