好的,所以当我定义变量'$password'是什么时,我使用'sha1'对密码进行哈希,然后在登录阶段,我再次使用'sha1' 但是我的错误消息无效登录凭据是唯一要发生的事情。
Registration.php
$password = sha1($_POST['password']);
$password_escaped = mysqli_real_escape_string ($db, $password);
$query = "INSERT INTO admin (forename,surname,email,securityq, securitya,password) VALUES ('$forename_escaped','$surname_escaped','$email_escaped','$securityq_escaped','$securitya_escaped','$password_escaped')";
login。
if (!empty($_POST['email']))
{
$email = $_POST['email'];
$password = sha1 ($_POST['pass']);
include('connect-db.php');
$query = mysqli_query ($db, "SELECT * FROM admin WHERE email = '$email' AND password = '$password'");
$row = mysqli_fetch_array ($query);
if(!empty($row['email']) AND !empty($row['password']))
{
$_SESSION['email'] = $row['password'];
成功或失败消息
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Successful Login')
window.location.href='adminhome.php';
</SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Invalid Login Credentials')
window.location.href='adminsignin.php';
</SCRIPT>");
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}
这个代码有什么问题,它不让我用散列密码登录?
您的代码中有一些陷阱,也有一些解决它的可能性。
最简单的解决方法是修改
if (!empty($_POST['email']))
{
$email = $_POST['email'];
$password = ($_POST['pass']);
if (!empty($_POST['email']))
{
$email = $_POST['email'];
$password = sha1($_POST['pass']); //you need to check the hashes not the password itself.
一个更简洁的修复是使用password_hash
(见这里)。
你的代码应该是:
使用mysql数据库
$myslqiDB = new mysqli("localhost", "my_user", "my_password", "world");
报名
$email = $myslqiDB->real_escape_string($_POST['email']);
$options = [
'cost' => 12,
];
$password = $myslqiDB->real_escape_string(password_hash ($_POST['password'],PASSWORD_BCRYPT, $options));
$query = "INSERT INTO admin (forename,surname,email,securityq, securitya,password) VALUES ('$forename','$surname','$email','$securityq','$securitya','$password')";
$data = $myslqiDB->query ($query)or die($myslqiDB->error());
登录
if (!empty($_POST['email']))
{
$email = $myslqiDB->real_escape_string($_POST['email']);
$password = $_POST['pass'];
$query = $myslqiDB->query ("SELECT * FROM admin WHERE email = '$email'");
$row = $myslqiDB->fetch_assoc ($query);
if(!empty($row['email']) AND !empty($row['password']))
{
if (password_verify ( $password , $row['password'] ) ){
//loggedin
}else{
//wrong password.
}
}else{
//no user with this email
}
在打印我的$query以查看与数据库进行比较的密码并检查数据库中的散列密码后,我意识到数据库中的密码缺少10个字符,我意识到我的VARCHAR设置为30…密码哈希值是40!
设置VARCHAR(40)后,密码散列立即工作。
任何与我有类似问题的人(愚蠢)确保你在数据库中的值足够长