php登录密码_验证 [英] Php login password_verify
问题描述
我正在学习如何使用准备好的语句,我想我会尝试使用 password_hash()
和 password_verify(
) 函数的登录系统(简单).我已经成功地使用准备好的语句插入了数据,现在我想验证密码并与用户做一些事情.
I am learning how to use prepared statements and I thought I would try out a login system (simple) using the password_hash()
and password_verify(
) functions. I have succesffuly inserted data in using prepared statemernts, now I wish to verify the password and do something with the user.
我似乎在这个阶段恢复了我的失败信息:
I seem to be getting back my fail message at this stage:
$stmt = $conn->prepare("SELECT username, password FROM users WHERE username = ?");
$stmt->bind_param('s', $username);
$username = $_POST['ulogin'];
$password = $_POST['upassword'];
$stmt->execute();
$stmt->bind_result($username, $password);
$row = $stmt->fetch();
if ($stmt->num_rows == 1) {
if (password_verify($password, $row['user_password'])) {
echo 'success';
}
} else {
echo "Wrong data";
}
$stmt->close();
$conn->close();
如果我执行 var_dump($stmt->fetch());
并且登录用户名正确,则返回为 bool(true)
If I do a var_dump($stmt->fetch());
and the login username is correct is comes back as bool(true)
我现在不知道如何尝试验证密码.
Im not sure how to attempt to verify the password now.
推荐答案
<?php
$stmt = $conn->prepare("SELECT username, password FROM users WHERE username = ?");
$stmt->bind_param('s', $username);
$username = $_POST['ulogin'];
$password = $_POST['upassword'];
$stmt->execute();
$stmt->bind_result($username, $password);
$row = $stmt->fetch(); //fetch DB results
if (!empty($row)) { // checks if the user actually exists(true/false returned)
if (password_verify($_POST['upassword'], $row['password'])) {
echo 'success'; // password_verify success!
} else {
echo 'failed';
}
} else {
echo "This user does not exist"; //email entered does not match any in DB
}
$stmt->close();
$conn->close();
您不需要检查行数.如果由于任何原因未验证密码,也有一个 else 语句
You do not necessarilly need to check for number of rows. Also have an else statement if the password is not verified for any reason
这篇关于php登录密码_验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!