这是我到目前为止注册页面登录页面和主页的以下代码。注意我只张贴php我知道一切都在工作,除了用户id会话。我连接到我的数据库,行1是id,是主键。
这里是注册php
<?php
require ("func/insert.php");
if(isset($_POST['Submit']))
{
$first_name = mysqli_real_escape_string($con, $_POST ['first_name']);
$last_name= mysqli_real_escape_string($con, $_POST ['last_name']);
$email= mysqli_real_escape_string($con, $_POST ['email']);
$password= $_POST ['password'];
$StorePassword= password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
$sql = $con->query("INSERT INTO users ( first_name, last_name, email, password)
VALUES ( ' {$first_name} ' , ' {$last_name} ' , ' {$email} ' , ' {$StorePassword} ' )");
header('Location: login.php');
}
?>
这是登录php
<?php require ("func/insert.php"); ?>
<?php
if(isset($_POST['Login']))
{
$email= mysqli_real_escape_string(htmlentities($con, $_POST ['email']));
$password= mysqli_real_escape_string(htmlentities($con, $_POST ['password']));
$result = $con->query(" select * from users where email='$email' AND password='$password' ");
$row = $result->fetch_array(MYSQLI_BOTH);
session_start();
$_SESSION['UserID'] = $row['id']; //thinking this is the problem
header ('Location: home.php');
}
这里是主php
<?php require ("func/insert.php"); ?>
<?php
session_start();
if (isset($_SESSION['UserID'])) {
}
else {
echo "This session is not working.";
}
?>
看起来您正在将存储和散列密码再次与非散列密码进行比较。
login这一行是你的密码:
$password= mysqli_real_escape_string(htmlentities($con, $_POST ['password']));
然后与存储在数据库中的密码进行比较。不过密码已经在sign。php
中散列了 $StorePassword= password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
尝试在登录时散列输入密码。
$TryPassword= password_hash($_POST ['password'], PASSWORD_BCRYPT, array('cost' => 10));
然后SQL:
$result = $con->query(" select * from users where email='$email' AND password='$TryPassword' ");
在重定向到下一页之前,通过确保返回一行来调试它!
print_r($result);