[英]password_verify always invalid password although password is correct
[英]Why i can login without correct password? Why password_verify always returns true?
为什么我没有正确的密码就可以登录? 我的 Class 用户具有登录功能,如下所述,并且我添加了 password_verify,有趣的是,无论我输入什么密码,无论密码正确或不正确,我都会始终登录系统。
数据库连接是 PDO。 我知道这里有很多错误,但我是初学者。
你能帮我吗?
public function loginUser($email, $password) {
try {
require './database.php';
switch ($_POST['type']) {
case 'Buyer':
$stmt = $conn->prepare("SELECT * FROM buyer WHERE email=:email");
break;
case 'Seller':
$stmt = $conn->prepare("SELECT * FROM seller WHERE email=:email");
break;
default:
break;
}
$stmt->execute(array(
':email' => $email
));
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
if ($stmt->rowCount() > 0) {
if (password_verify($password, $userRow['password'])) {
switch ($_POST['type']) {
case 'Buyer':
$_SESSION['type'] = $_POST['type'];
$_SESSION['user_id'] = $userRow['buyer_id'];
$_SESSION['buyer_name'] = $userRow['buyer_name'];
$_SESSION['email'] = $userRow['email'];
$_SESSION['password'] = $userRow['password'];
$_SESSION['phone'] = $userRow['phone'];
$_SESSION['description'] = $userRow['description'];
return true;
break;
case 'Seller':
$_SESSION['type'] = $_POST['type'];
$_SESSION['user_id'] = $userRow['seller_id'];
$_SESSION['buyer_name'] = $userRow['seller_name'];
$_SESSION['email'] = $userRow['email'];
$_SESSION['password'] = $userRow['password'];
$_SESSION['phone'] = $userRow['phone'];
$_SESSION['description'] = $userRow['description'];
return true;
break;
default:
break;
}
} else {
return false;
}
}
}
catch (PDOException $e) {
echo $e->getMessage();
}
}
我解决了这个问题。 问题是因为我在函数中确实需要 './database.php',而 database.php 有 $password = "",他将每个密码更改为空字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.