由于我现在的代码,我总是得到用户名/密码是否匹配echo "Username/Password incorrect.";
。我的问题是,我在下面的代码中做错了什么,让 php 始终回显"用户名/密码不正确"
<?php
require 'privstuff/dbinfo.php';
$password1 = $_POST["password1"];
$username = $_POST["username"];
$mysqli = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_DATABASE);
if(mysqli_connect_errno()) {
echo "Connection Failed. Please send an email to owner@othertxt.com regarding this problem.";
exit();
}
if ($stmt = $mysqli->prepare("SELECT username, password FROM accounts WHERE username=? and password=?")) {
$db_pw = password_hash($password1, PASSWORD_BCRYPT);
$stmt->bind_param("ss", $username, $db_pw);
$stmt->execute();
if ($stmt->affected_rows > 0) {
echo "Logged in.";
}else{
echo "Username/Password incorrect.";
}
$stmt->close();
}
$stmt->close();
$mysqli->close();
?>
更新我已将if ($stmt->affected_rows > 0)
更改为if ($stmt->num_rows)
。虽然仍然不起作用更新 2我已经意识到问题是我使用了password_hash($password1, PASSWORD_BCRYPT);
我没有意识到哈希每次都会给出不同的字符串。我不明白如何使用password_verify
mysqli_stmt_affected_rows()
的文档说:
此函数仅适用于更新表的查询。为了从 SELECT 查询中获取行数,请改用 mysqli_stmt_num_rows()。
您还需要先调用mysqli_stmt_store_results()
来缓冲结果。
$stmt->store_results();
if ($stmt->num_rows > 0) {
...
}
我想通了。我不应该再使用password_hash。我没有意识到使用password_hash会产生不同的结果。然后我将其更改为使用 password_verify。
<?php
require 'privstuff/dbinfo.php';
$username = $_POST["username"];
$password1 = $_POST["password1"];
$mysqli = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_DATABASE);
// Check connection
if(mysqli_connect_errno()) {
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT `password` FROM `accounts` WHERE username = ?")) {
/* Bind parameters: s - string, b - blob, i - int, etc */
$stmt -> bind_param("s", $username);
/* Execute it */
$stmt -> execute();
/* Bind results */
$stmt -> bind_result($result);
/* Fetch the value */
$stmt -> fetch();
/* Close statement */
$stmt -> close();
}
if(password_verify($password1, $result))
{
echo("Hello");
}else{
echo("No-Go");
}
$mysqli->close();
?>