[英]Can't login with hashed password - Mysqli PHP
我在注册页面上用下一个代码对我的密码进行了哈希处理:
$c_pass = $_POST['c_pass'];
$storePassword = password_hash($c_pass, PASSWORD_BCRYPT, array('cost' => 10));
在登录页面上我有这个代码:
$customer_email = $_POST['c_email'];
$customer_pass = $_POST['c_pass'];
$select_customer = "select * from customers where customer_email='$customer_email' AND customer_pass='$customer_pass'";
尝试登录时,他们会弹出一个错误屏幕,提示我的凭据无效。 我尝试使用
if(password_verify($customer_password,$row['c_pass'])){
但是请注意帮助我,有人可以为此写我的解决方案,因为我找不到解决方案。
您应该从WHERE
子句中删除AND
,因为当用户在登录表单输入中键入他/她的密码时,它将是非散列的,因此您永远不会通过复合条件 email + 密码检索用户。 相反,您应该通过标识符(用户名或电子邮件)找到用户,然后您应该将来自登录表单密码输入的原始密码与来自数据库的哈希值进行比较。 因此,请查看以下内容:
$mysqli = new mysqli('host', 'user', 'password', 'db_name');
// these are submitted input values from the login form which you handle
$email = $_POST['c_email'];
$password = $_POST['c_password'];
// build your query with prepared statements which will retrieve
// the user from the database with login form submitted email
$stmt = $mysqli->prepare('select * from customers where customer_email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();
$result = $stmt->get_result();
$customer = $result->fetch_assoc();
if (empty($customer)) {
// no user found by this email, so send to user response message
// that your system cannot find any customer by provided email
return false;
}
// here you compare the typed user login password versus the fetched user's password from the database by the provided user email
if (password_verify($password, $customer['c_pass'])) {
// ok, so the password comparison match
} else {
// invalid password
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.