堆栈内存溢出
  繁体   English   中英

无法使用先前通过注册查询创建的哈希密码无法登录的用户

[英]Cant login user with hash password previously created with signup query

 原文  2017-02-16 01:27:42       php/ mysql/ hash

问题描述

我还是个菜鸟。 我正在尝试使用先前在注册查询中创建的hash_password登录用户。 我一直在这里逛逛,但我想我不明白它是如何工作的,需要帮助来理解它。

signup.php 

if(isset($_POST['register'])){

// set parameters and insert in users table  
$date_now = date('Y-m-d H:i:s');
$user_level =$_POST['user_level'];
$username = $_POST['username'];
$password = $_POST['password'];
$email =  $_POST['email'];

//Store $hashedPassword in the database under the password column.
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);

// prepare and bind // users table
$user = $db->prepare("INSERT INTO users (username, password, email,created) VALUES (?, ?, ?,?)");
$user->bind_param("ssss", $username,$hashedPassword, $email,$date_now);
$user->execute();

}

login.php 

 if($_SERVER["REQUEST_METHOD"] == "POST") {

     $myusername = mysqli_real_escape_string($db,$_POST['username']);
      $mypassword = mysqli_real_escape_string($db,$_POST['password']); 
       $hashedPassword = "SELECT id FROM users WHERE username = '$myusername' and  password = '$mypassword'";


      $result = mysqli_query($db,$hashedPassword);
      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
      $active = $row['active'];

      $count = mysqli_num_rows($result);

      // If result matched $myusername and $mypassword, table row must be 1 row

      if($count == 1 && (password_verify($mypassword,$hashedPassword))) {

         $_SESSION['login_user'] = $myusername;

         header("location: user/adminhome.php");
      }else {
         $error = "Your Login Name or Password is invalid";
      }

}

2 个解决方案

解决方案1
 1  2017-02-16 03:47:29

$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$hashedPassword = password_hash($password);
$query = "SELECT id FROM users WHERE username = '$username' and  password = '$hashedPassword'";

$result = mysqli_query($db, $query);

解决方案2
 -2 已采纳  2017-02-16 04:35:16

将您的login.php代码替换为以下内容。 我对您的代码做了一些调整。 希望它会起作用。 确保仔细检查差异。 :) 

 <?php
 session_start();

 if($_SERVER["REQUEST_METHOD"] == "POST") {

    $myusername = mysqli_real_escape_string($db,$_POST['username']);
    $mypassword = $_POST['password'];           // no need to real escape this

    // query for getting hashed password for the $myusername
    $hashedPasswordQry = "SELECT password FROM users WHERE username = '$myusername'";


    $result = mysqli_query($db,$hashedPasswordQry);
    $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
    $active = $row['active'];

    $count = mysqli_num_rows($result);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count == 1 && (password_verify($mypassword, $row['password']))) {

        $_SESSION['login_user'] = $myusername;
        header("location: user/adminhome.php");

    }else {

     $error = "Your Login Name or Password is invalid";

    }

}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 cakephp不会在登录时哈希密码,而仅在注册时 无法使用我的哈希密码登录,但只有一个用户可以登录 使用哈希密码php登录 Codeigniter 和 hash 登录密码? 用户登录在带有 sql server 的 laravel 中不起作用。 之前创建的数据库 如果默认的password_hash哈希值已在php中更新,这是否会影响用户将来的登录尝试? 用户使用单个查询和每用户密码盐登录 password_verify使用password_hash错误在登录时将用户存储在会话中 在pdo登录中添加密码hash PHP登录系统密码哈希和密码验证
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM