我试图让用户根据条件在一个登录表单上登录两个不同的区域。我遇到的问题是,如果提供了正确的密码,一切正常,但是如果提供了错误的密码,没有任何反应,它甚至不会回显密码错误警报!可能有什么问题,我的代码还可以吗?
由于
if(isset($_POST['login'])){
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = $username;
$password = $password;
//$pass = md5($password);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1){
echo 'INVALID USERNAME OR PASSWORD';
}else{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if(strcmp($status, $status1) == 0){
header("location: completed/index.php");
exit();
}elseif(strcmp($status, $status2) == 0){
header("location: uncompleted/index.php");
exit();
}else{
echo 'INVALID USERNAME OR PASSWORD';
}
}
}
}
答案 0 :(得分:0)
我认为问题在于你没有处理password_verify($password, $hash)在if语句中返回false的情况。我在下面处理了它:
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = $username;
$password = $password;
//$pass = md5($password);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount() < 1) {
echo 'INVALID USERNAME OR PASSWORD';
} else {
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if (strcmp($status, $status1) == 0) {
header("location: completed/index.php");
exit();
} elseif (strcmp($status, $status2) == 0) {
header("location: uncompleted/index.php");
exit();
} else {
echo 'INVALID USERNAME OR PASSWORD';
}
} else {
// handle wrong password here
echo 'INVALID PASSWORD';
}
}
}
我希望这会有所帮助。
答案 1 :(得分:0)
问题是我的其他人在错误的地方。我在if / elseif strcmp语句之后得到了它。它应该在if(password_verify($ password,$ hash))块之后。
从phpfreak论坛注意到了。给他的信用 因此正确的代码:
if(isset($_POST['login']))
{
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1)
{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD</div></p>';
}
else
{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash))
{
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if(strcmp($status, $status1) == 0)
{
header("location: completed/index.php");
exit();
}
elseif(strcmp($status, $status2) == 0)
{
header("location: uncompleted/index.php");
exit();
}
}
else
{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD again</div></p>';
}
}
}