我正在登录页面上,偶然发现了这个问题,无论我写什么密码都可以登录。
我检查了$ password,$ row ['password'],$ pwdCheck的值,并且都具有了需要的值。
哈希密码将保存在varchar(255)中。 我仔细检查了姓名和我想到的所有内容,但如果您有想到,请告诉我。 据我所知,问题出在password_verify。
我知道这不是制作登录页面的最佳做法,但目前可以正常工作。
谢谢
<?php
if ( isset($_POST['login-submit']) ) {
require '../../files/includes/functions.php';
$mysqli = get_db();
$email = $_POST['email'];
$password = $_POST['password'];
// check if the email is in the database
$sql ='SELECT * FROM taxisvl_diritems WHERE email =?';
$stmt = mysqli_stmt_init($mysqli);
if ( empty($email) || empty($password) ) {
header("Location: /inloggen?error=emptyfields");
exit();
}
else {
// check to see if we can run the query
if ( !mysqli_stmt_prepare($stmt,$sql) ) {
header("Location: /inloggen?error=sqlerror");
exit();
}
else {
// bind the value to the parameter in the query statement
mysqli_stmt_bind_param($stmt, 's', $email);
// run the query
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
// check if we have a result for the given email
if ( $row = mysqli_fetch_assoc($result) ) {
// check the password
$pwdCheck = password_verify($password, $row['password']);
if ( $pwdCheck = true) {
// user is logged in
// create sessions to retreive users info
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['name'] = $row['name'];
header("Location: /dashboard");
exit();
}
else {
header("Location: /inloggen?error=wrngpassword");
exit();
}
}
else {
header("Location: /inloggen?error=wrngemail");
exit();
}
}
}
} else {
echo 'Login not set';
}
?>```