我正在尝试创建一个登录页面,但它一直说找不到用户名和密码,即使我从数据库中输入了正确的信息。
if(isset($_POST['submit'])){
$errMsg = '';
$username = $_POST['username'];
$password = $_POST['password'];
if($username == '')
$errMsg .= 'You must enter your Username<br>';
if($password == '')
$errMsg .= 'You must enter your Password<br>';
if($errMsg == ''){
$conn=new PDO("mysql:host:localhost;dbname=database",'root','');
$stmt = $conn->prepare('SELECT id,username,password FROM admin WHERE username = :username');
$stmt->bindParam(':username', $username);
$stmt->execute();
$stmt = $stmt->fetch(PDO::FETCH_ASSOC);
if(count($stmt) > 0 && password_verify($password, $stmt['password'])){
$_SESSION['username'] = $stmt['username'];
header('location:welcome.php');
exit;
}else{
$errMsg .= 'Username and Password are not found<br>';
}
}
}
正如您所说:"我手动创建了一个数据库,在表管理员中,我给了用户名root和密码root 36"password_verify函数验证密码是否与哈希匹配。但是您正在传入一个字符串作为password_verify函数的第二个参数。这就是它找不到匹配项的原因
您应该使用password_hash函数将密码作为哈希保存到admin表中:
// saving password
password_hash("root 36", PASSWORD_DEFAULT);
...
// verifying password
...
if(count($stmt) > 0 && password_verify($password, $stmt['password'])){
...
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php