请帮助,我试图使登录系统。似乎没有错误,但当我试图使用用户名和密码登录时,它一直说这是无效的。下面是代码。
CREATE TABLE IF NOT EXISTS `login` (
`idlogin` int(2) NOT NULL,
`username` varchar(20) NOT NULL,
`password` varchar(30) NOT NULL,
`nama` varchar(20) DEFAULT NULL,
`email` varchar(30) DEFAULT NULL,
`telepon` varchar(13) DEFAULT NULL,
`level` varchar(13) NOT NULL
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
config。
?php
session_start();
$DB_host = "localhost";
$DB_user = "root";
$DB_pass = "pwd";
$DB_name = "dataseminar";
try
{
$DB_con = new PDO("mysql:host={$DB_host};dbname={$DB_name}",$DB_user,$DB_pass);
$DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
include_once 'class_user.php';
$user = new USER($DB_con);
?>
newlogin.php
<?php
require_once 'config.php';
if($user->is_loggedin()!="")
{
$user->redirect('home.php');
}
if(isset($_POST['loginsbtn']))
{
$username = $_POST['usrname'];
$password = $_POST['pass'];
if($user->login($username,$password))
{
$user->redirect('home.php');
}
else
{
$error = "Invalid username or password ";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="menubarcss.css">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
h1{
font-family:Arial black;
text-align: center;
color:grey;
}
h3{
font-family:Arial black;
text-align: center;
color:grey;
}
</style>
<title>Login</title>
</head>
<body>
<h1>APLIKASI PENGELOLA DATA SEMINAR DAN PELATIHAN</h1>
<div class="container">
<br/><br/><br/>
<h2 align="center">Silahkan Login terlebih dahulu</h2>
<table class="table table-striped table-bordered table-condensed" align="center">
<form method="post">
<hr />
<?php
if(isset($error))
{
?>
<div class="alert alert-danger">
<i class="glyphicon glyphicon-warning-sign"></i> <?php echo $error; ?> !
</div>
<?php
}
?>
<tr>
<td>Username</td>
<td><input type="text" name="usrname" placeholder="Username" required></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="pass" placeholder="Password" required></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" class="btn btn-block btn-primary" name="loginsbtn" value="LOGIN">
<input type="reset" class="btn btn-block btn-primary" name="clearbtn" value="CLEAR">
</td>
</tr>
</form>
<label>Belum punya akun ? <a href="createlogin.php">Sign Up</a></label>
</table>
</div>
</body>
</html>
class_user.php
<?php
class USER
{
private $db;
function __construct($DB_con)
{
$this->db = $DB_con;
}
public function register($username,$password,$nama,$email,$telepon,$level)
{
try
{
$new_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $this->db->prepare("INSERT INTO LOGIN(username,password,nama,email,telepon,level)
VALUES(:username, :password, :nama, :email, :telepon, :level)");
$stmt->bindparam(":username", $username);
$stmt->bindparam(":password", $new_password);
$stmt->bindparam(":email", $email);
$stmt->bindparam(":nama", $nama);
$stmt->bindparam(":telepon", $telepon);
$stmt->bindparam(":level", $level);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function login($username,$password)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM login WHERE username=:username LIMIT 1");
$stmt->execute(array(':username'=>$username));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
if(password_verify($password, $userRow['password']))
{
$_SESSION['user_session'] = $userRow['idLogin'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
}
?>
这里的问题是因为这个varchar(30)是为您的密码列设置的。
`password` varchar(30) NOT NULL,
长度不足以容纳password_hash()生成的哈希。
将列改为varchar(255)
这就是它静默失败的原因。
如果我错了,那么它在这方面起着重要作用。
您还应该确保没有空格包含在任何地方。
另外,您可能希望增加其他一些列的长度。
参考:- http://php.net/manual/en/function.password-hash.php
"注意,这个常数被设计为随着时间的推移,新的和更强的算法被添加到PHP。因此,使用此标识符产生的结果的长度可能会随时间变化。因此,建议将结果存储在可以扩展超过60个字符的数据库列中(255个字符将是一个不错的选择)。"
$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a
^ stops there at 30
从手册中取出:
/**
* We just want to hash our password using the current DEFAULT algorithm.
* This is presently BCRYPT, and will produce a 60 character result.
*
* Beware that DEFAULT may change over time, so you would want to prepare
* By allowing your storage to expand past 60 characters (255 would be good)
*/
Plus, bindparam我看到这个失败了很多次,小写的"p"。你可能想用大写"P"的bindParam。
也要注意你的问题下留下的评论