password_hash()不起作用 [英] password_hash() not working

查看:156
本文介绍了password_hash()不起作用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

任何人都可以指导我在哪里做错了.密码哈希工作正常,并存储在我的数据库中,但是当我尝试使用真实密码(如(123))登录时,它无法登录.谢谢!

Can anyone please guide me where I'm doing mistake. Password hashing is working fine and gets stored in my database but when I'm try to login using real password like (123), it's not logging me in. Thank you! 

    <?php
        // registration script
        if (isset($_POST['submit'])) {

            $user_name = $_POST['username'];
            $user_email = $_POST['email'];
            $user_pass = $_POST['password'];

            $query = "SELECT * FROM users where Email = '" . $_POST["email"] . "'";
            $result = $obj->run_query($query);

            if ($count = mysqli_num_rows($result) == 0) {

                $query = "INSERT INTO users (Name, Email, Pass) VALUES('" . $user_name . "', '" . $user_email . "', '" . password_hash($user_pass, PASSWORD_DEFAULT) . "')";
                $result = $obj->run_query($query);

                echo "<script>alert('You have successfully Registered!')</script>";
                echo "<script>window.open('welcome.php','_self')</script>";

            } else {

                echo "<script>alert('This user email $user_email is already exist!')</script>";
            }
        }

    // login script
    if (isset($_POST['login'])) {

        $name = $_POST['name'];
        $email = $_POST['email'];
        $password = password_hash($_POST['pass'], PASSWORD_DEFAULT);


        $query = "SELECT * FROM users WHERE Email = '$email' AND Pass = '$password'";
        $result = $obj->run_query($query);

        if ($count = mysqli_num_rows($result) > 0) {

            $_SESSION['email'] = $email;
            $_SESSION['name'] = $name;

            echo "<script>window.open('welcome.php','_self')</script>";

        } else 

        {
            echo "<script>alert('Your email or password is incorrect!')</script>";
        }

    }

?>

推荐答案

您需要自己纠正SQL注入问题,这只是演示如何使用password_verify()

You'll need to correct the SQL injection issues yourself, this is simply to demonstrate how to use password_verify()

// login script
if (isset($_POST['login'])) {

    $name = $_POST['name'];
    $email = $_POST['email'];
    $password = $_POST['pass'];


    $query = "SELECT * FROM users WHERE Email = '$email'";
    $result = $obj->run_query($query);

    if ($count = mysqli_num_rows($result) > 0) {
        $row = $result->fetch_object();
        if (password_verify($password, $row->Pass)) {
            $_SESSION['email'] = $email;
            $_SESSION['name'] = $name;

            echo "<script>window.open('welcome.php','_self')</script>";
        } else {
            echo "<script>alert('Your email or password is incorrect!')</script>";
        }
    } else {
        echo "<script>alert('Your email or password is incorrect!')</script>";
    }

}

这篇关于password_hash()不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆