[英]How can i use PHP to verify if both password and pin is correct before logging in?
我正在使用以下脚本登录用户,此时用户发布电子邮件和密码,如果正确,则用户登录:
<?php
/* User login process, checks if user exists and password is correct */
// Escape email to protect against SQL injections
$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
if ( $result->num_rows == 0 ){ // User doesn't exist
$_SESSION['message'] = "User with that email doesn't exist!";
header("location: error.php");
}
else { // User exists
$user = $result->fetch_assoc();
if ( password_verify($_POST['password'], $user['password']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
// This is how we'll know the user is logged in
$_SESSION['logged_in'] = true;
header("location: profile.php");
}
else {
$_SESSION['message'] = "You have entered wrong password, try again!";
header("location: error.php");
}
}
我在注册表单中添加了一列“pin”并将其添加到数据库中,并且在注册时设置了一个 pin,但是我正在努力获取上面的登录代码以验证输入的 pin 是否也正确,pin 是也通过登录表单中的 POST 发送。 我试过这个:
else { // User exists
$user = $result->fetch_assoc();
if ( password_verify($_POST['password'], $user['password']) && ( password_verify($_POST['pin'], $user['pin']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
但是我似乎无法获得正确的语法,password_verify 也用于散列密码,但是 pin 没有散列。
如何修改此登录脚本以在登录前检查密码和未散列的 PIN 码?
如果 pin 未散列,则将其作为字符串进行比较。
if (password_verify($_POST['password'], $user['password']) &&
(strcmp($_POST['pin'], $user['pin']) == 0)) {
// Do you stuff
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.