我正在为我的项目网站进行注册和登录。注册过程很顺利,一切正常,我设置了一些安全条件,然后登录,以为会更轻松。
代码似乎很好,因为我没有收到任何错误-但是$ passwordCheck似乎总是返回false,最终返回错误消息回到我的index.php。我尝试将其与== /!==进行比较,但是哈希密码与输入的密码不匹配(似乎很正常,因为我认为它是比较字符串,而不是实际的哈希密码)。在这一点上,我认为我的password_verify函数存在问题,但随后我尝试使用数据库中的哈希密码设置$ hash,以查看其是否与登录期间用户输入的密码匹配。它也不行。
我的结论是,我以某种方式弄乱了password_verify,或者我有一个错误的sql查询,并且将数据库中的错误记录与用户输入进行了比较。但是我找不到任何解决方案,有人看到吗?
我的login.php代码:
<?php
if (isset($_POST['submit-log'])) {
require 'db.php';
$login = $_POST['login-login'];
$password = $_POST['password-login'];
if (empty($login) || empty($password)) {
header("location: ../index.php?error=emptyfields");
exit();
}
else {
$sql = "SELECT * FROM users WHERE login=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("location: ../index.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $login);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$passwordCheck = password_verify($password, $row['password']);
if ($passwordCheck == false) {
header("location: ../index.php?error=wrongpassword");
exit();
}
else if ($passwordCheck == true) {
session_start();
$_SESSION['login'] = $row['login'];
$_SESSION['name'] = $row['name'];
$_SESSION['surname'] = $row['surname'];
$_SESSION['email'] = $row['email'];
header("location: ../account.php?login=success");
exit();
}
else {
header("location: ../index.php?error=wrongpassword");
exit();
}
}
else {
header("location: ../index.php?error=nouser");
exit();
}
}
}
}
else {
header("location: ../index.php");
exit();
}
还有一个register.php以便更好地查看:
<?php
if (isset($_POST['submit-sign'])) {
require 'db.php';
$login = $_POST['login'];
$password = $_POST['password'];
$password2 = $_POST['password-check'];
$name = $_POST['name'];
$surname = $_POST['surname'];
$email = $_POST['email'];
if (empty($login) || empty($password) || empty($password2) || empty($name) || empty($surname) || empty($email)) {
header("location: ../index.php?error=emptyfields&login=".$login."&name=".$name."&surname=".$surname."&email=".email);
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $login)) {
header("location: ../index.php?error=invalidemaillogin");
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("location: ../index.php?error=invalidemail&login=".$login);
exit();
}
else if (!preg_match("/^[a-zA-Z0-9]*$/", $login)) {
header("location: ../index.php?error=invalidlogin&email=".$email);
exit();
}
else if ($password !== $password2) {
header("location: ../index.php?error=passwordmatcherror&login=".$login."&email=".$email);
exit();
}
else {
$sql = "SELECT login, email FROM users WHERE login=? OR email=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("location: ../index.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $login, $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("location: ../index.php?error=loginoremailtaken");
exit();
}
else {
$sql = "INSERT INTO users (login, password, name, surname, email) VALUES(?, ?, ?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("location: ../index.php?error=sqlerror");
exit();
}
else {
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sssss", $login, $hashedPassword, $name, $surname, $email);
mysqli_stmt_execute($stmt);
header("location: ../account.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("location: ../index.php");
exit();
}
更新:我对此没有做任何更改,正在测试其他文件中的内容-当我想再检查一次时-奇迹发生了并且行得通。我只能说是上帝之手。