当这段代码运行时,它返回一条登录失败的错误消息。当password_verify函数没有运行时,特定的错误消息在else语句中,并使用var_dump函数返回以下错误消息。似乎问题在于准备好的语句,因为输入的登录变量似乎没有从数据库收集信息。
Login Failed: (0)array(0) {}
error_reporting(E_ALL);
$mysqli = new mysqli('localhost', 'root', 'root', 'myTable');
if ($mysqli->connect_errno > 0) {
die('Unable to connect to database [' . $mysqli->connect_error . ']');
}
ob_start();
session_start();
if (isset($_POST['LogIn'])) {
$username = $_POST['userName'];
$password = $_POST['password'];
if (!($stmt = $mysqli->prepare("SELECT Username, Password FROM user WHERE Username = ?"))) {
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
if (!$stmt->bind_param('s', $username)) {
echo "Bind failed: (" . $stmt->errno . ")" . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ")" . $stmt->error;
}
$userdata = $stmt->get_result();
$row = $userdata->fetch_array(MYSQLI_ASSOC);
$stmt->bind_result($username, $password);
$stmt->store_result();
if (password_verify($password, $row['Password'])) {
session_start();
$_SESSION['UserID'] = $row['UserID'];
var_dump($_SESSION);
// header('Location: Account.php');
exit();
} else {
echo "Login Failed: (" . $stmt->errno . ")" . $stmt->error;
echo "Password's do not match";
var_dump($_SESSION);
}
$stmt->close();
}
$mysqli->close();
这可能就是你要找的。
if(isset($_POST['LogIn'])) {
$UN = $_POST['userName'];
$PW = $_POST['password'];
//write sql to check for email or username
$query = "SELECT * from user where Username=? LIMIT 1";
$stmt = $con->prepare($query);
$stmt->bind_param('s', $UN);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
if($row && password_verify($PW, $row['Password'])) {
session_start();
$_SESSION["UserID"] = $row['UserID'];
header( 'Location: Account.php' );
die;
}
session_start();
$_SESSION['LogInFail'] = "Yes";
}