使用 password_hash 登录系统 [英] Login system with password_hash

问题描述

我正在尝试登录由管理员添加的用户，但是当我按下登录时，没有任何反应，只有一个带有 login.php 标题的空白页面.这是我用来添加用户的代码:

 <!DOCTYPE html><头><title>添加学生</title><link rel="stylesheet" type="text/css" href="boosttrap.min.css"><link rel="stylesheet" type="text/css" href="style.css"><身体><form action="adduser.php" method="POST"><div><h2>用户名将自动生成<br/><label>密码</label><input type="password" name="s_password" class="form-control" placeholder="输入新密码"><br/><label>名称</label><input type="text" name="s_name" class="form-control" placeholder="输入名称"><br/><label>姓氏</label><input type="text" name="s_surname" class="form-control" placeholder="输入姓氏"><br/><label>出生日期</label><input type="date" name="s_dob" class="form-control" placeholder="输入出生日期"><br/><label>年份组</label><选择名称="s_yeargroup"><option selected = "true" disabled="disabled">从下面选择一个...</option><option value=1 >7</option><选项值=2>8<选项值=3>9<选项值=4>10<选项值=5>11</选择><br/><button type="sumbit" name="btnAddUser" class="float" value ="Login">创建新用户</button>

</表单><a href="../logout.php">注销</a><?phpif(isset($_POST["btnAddUser"])){$hashed_pa​​ssword = password_hash($_POST['s_password'], PASSWORD_DEFAULT);$name = $_POST["s_name"];$surname = $_POST["s_surname"];$dob = $_POST["s_dob"];$yeargroup = $_POST["s_yeargroup"];$usernamenew = substr($name, 0, 1);$usernamenew1 = substr($surname, 0, 4);$usernamenew3= $usernamenew.$usernamenew1;$sql = "插入 tbluser (用户名, 密码, 角色) 值 ('$usernamenew3', '$hashed_pa​​ssword', 'Student')";if(!mysqli_query($conn,$sql)){echo "用户名或密码错误";}别的{echo "用户名和密码创建成功，用户名是".$usernamenew3.".";}$sql4="SELECT ID FROM tbluser WHERE Username = '$usernamenew3'";$result1=mysqli_query($conn,$sql4);$row= mysqli_fetch_assoc($result1);$userid=$row['ID'];$sql1 = "INSERT INTO student (name, surname, dob, yeargroup_id, tbluser_ID) VALUES ('$name','$surname','$dob','$yeargroup','$userid')";if(!mysqli_query($conn,$sql1)){echo "学生信息错误";}别的{echo " \r\n学生添加成功.";}}?>

这是我用来登录用户的代码

prepare("SELECT Username, Password FROM tbluser WHERE Username = ?");$stmt->bind_param("s",$_POST["用户名"]);$stmt->execute();$result = $stmt->get_result();if(mysqli_num_rows($result) > 0){while ($row = mysqli_fetch_assoc($result)){if(password_verify($password, $row["密码"])){if($row["Role"] == "Admin"){$_SESSION['AdminUser'] = $row["用户名"];$_SESSION['adminid']= $row["ID"];$_SESSION['role'] = $row["Role"];header('位置:admin/admin.php');}elseif($row["Role"] == "Teacher"){$_SESSION['ProfUser'] = $row["Username"];$_SESSION['teacherid']= $row["ID"];$_SESSION['role'] = $row["Role"];header('位置:老师/prof.php');}elseif($row["角色"] == "学生"){$_SESSION['StudentUser'] = $row["Username"];$_SESSION['studentid']= $row["ID"];$_SESSION['role'] = $row["Role"];header('位置:student/student.php');}别的echo "角色未被识别";}}}}

如果有人能发现我的错误，我将不胜感激.谢谢我的数据库，以备不时之需.

解决方案

来自 password_hash 文档，password_hash 和 PASSWORD_BCRYPT，产生一个 60 个字符长的字符串，其他算法可能产生更长的字符串.您在数据库中的 Password 字段只有 45 个字符.

根据文档中的建议，您应该将字段大小增加到 255.

I am trying to login users that are added by an admin, but when I press login, nothing happens, just a blank page with the header login.php. Here is the code I use to add users:

    <?php 
    include "connection.php";
 ?>

<!DOCTYPE html>
<html>
<head>
    <title>Add students</title>
    <link rel="stylesheet" type="text/css" href="boosttrap.min.css">
    <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
            <form action="adduser.php" method="POST">
                <div>
                    <h2>
                        Username will be generated automatically
                    </h2>
<br/>
                    <label>Password</label>
                    <input type="password" name="s_password" class="form-control" placeholder="Enter new passowrd">        
<br/>
                    <label>Name</label>
                    <input type="text" name="s_name" class="form-control" placeholder="Enter name">
<br/>
                    <label>Surname</label>
                    <input type="text" name="s_surname" class="form-control" placeholder="Enter surname">
<br/>
                    <label>Date of birth</label>
                    <input type="date" name="s_dob" class="form-control" placeholder="Enter Date of birth">
<br/>
                    <label>Year group</label>
                    <select name ="s_yeargroup">
                        <option  selected = "true" disabled="disabled"> Select one from below...</option>
                            <option value=1 >7</option>
                            <option value=2> 8</option>
                            <option value=3> 9</option>
                            <option value=4> 10</option>
                            <option value=5> 11</option>
                    </select>
<br/>
                    <button type="sumbit" name="btnAddUser" class="float" value ="Login">Create New User</button>
                </div>
            </form>
            <a href="../logout.php">Logout</a>
</body>


<?php 

if(isset($_POST["btnAddUser"])){

        $hashed_password = password_hash($_POST['s_password'], PASSWORD_DEFAULT);
        $name = $_POST["s_name"];
        $surname = $_POST["s_surname"];
        $dob = $_POST["s_dob"];
        $yeargroup = $_POST["s_yeargroup"];

$usernamenew = substr($name, 0, 1);
$usernamenew1 = substr($surname, 0, 4);
$usernamenew3= $usernamenew.$usernamenew1;
$sql = "INSERT INTO tbluser (Username, Password, Role) VALUES ('$usernamenew3', '$hashed_password', 'Student')"; 
if(!mysqli_query($conn,$sql))
 {
    echo "Error with Username or password";
 }
 else 
 {
    echo "Username and password created successfully. The username is ".$usernamenew3.".";
 }
$sql4= "SELECT ID FROM tbluser WHERE Username = '$usernamenew3'";
$result1= mysqli_query($conn,$sql4);
$row= mysqli_fetch_assoc($result1);
$userid=$row['ID'];

$sql1 = "INSERT INTO student (name, surname, dob, yeargroup_id, tbluser_ID) VALUES ('$name','$surname','$dob','$yeargroup','$userid')";
if(!mysqli_query($conn,$sql1))
 {
    echo "Error with Student info";
 }
 else 
 {
    echo " \r\nStudent has been added successfully.";
}
}
?>

And here is my code that I use to login users

<?php
session_start();
require_once "connection.php";
$message = "";
$role = "";
if(isset($_POST["btnLogin"]))
{
    $password = $_POST["password"];
    $stmt=$conn->prepare("SELECT Username, Password FROM tbluser WHERE Username = ? ");
    $stmt-> bind_param("s",$_POST["username"]);
    $stmt->execute();


    $result = $stmt->get_result();
    if(mysqli_num_rows($result) > 0)
    {
        while ($row = mysqli_fetch_assoc($result))
        {
            if(password_verify($password, $row["Password"]))
            {
                if($row["Role"] == "Admin")
                {
                    $_SESSION['AdminUser'] = $row["Username"]; 
                    $_SESSION['adminid']= $row["ID"];
                    $_SESSION['role'] = $row["Role"];
                    header('Location: admin/admin.php');
                }
                elseif($row["Role"] == "Teacher")
                {
                    $_SESSION['ProfUser'] = $row["Username"];
                    $_SESSION['teacherid']= $row["ID"];
                    $_SESSION['role'] = $row["Role"];
                    header('Location: teacher/prof.php');

                }
                elseif($row["Role"] == "Student")
                {
                    $_SESSION['StudentUser'] = $row["Username"];
                    $_SESSION['studentid']= $row["ID"];
                    $_SESSION['role'] = $row["Role"];
                    header('Location: student/student.php');    
                }
                else
                    echo "Role is not recognised";
            }   
        }
    }
}

If anyone could find my mistake, I would appreciate it. Thank you My database in case you need it.

解决方案

From the password_hash documentation, password_hash with PASSWORD_BCRYPT, produces a string 60 characters long and other algorithms might produce even longer. Your Password field in the database is only 45 characters.

As per recommendation from the documentation, you should increase the field size to 255.

这篇关于使用 password_hash 登录系统的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！