我正试图根据一个标准让用户登录到一个登录表单上的两个不同区域。我遇到的问题是,如果提供了正确的密码,一切都会正常工作,但当提供了错误的密码时,什么都不会发生,甚至不会响应密码错误警报!可能出了什么问题?我的代码还好吗?
感谢
if(isset($_POST['login'])){
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = $username;
$password = $password;
//$pass = md5($password);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1){
echo 'INVALID USERNAME OR PASSWORD';
}else{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if(strcmp($status, $status1) == 0){
header("location: completed/index.php");
exit();
}elseif(strcmp($status, $status2) == 0){
header("location: uncompleted/index.php");
exit();
}else{
echo 'INVALID USERNAME OR PASSWORD';
}
}
}
}
我认为问题在于您没有处理if语句中password_verify($password, $hash)返回false的条件。我在下面处理它:
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = $username;
$password = $password;
//$pass = md5($password);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount() < 1) {
echo 'INVALID USERNAME OR PASSWORD';
} else {
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if (strcmp($status, $status1) == 0) {
header("location: completed/index.php");
exit();
} elseif (strcmp($status, $status2) == 0) {
header("location: uncompleted/index.php");
exit();
} else {
echo 'INVALID USERNAME OR PASSWORD';
}
} else {
// handle wrong password here
echo 'INVALID PASSWORD';
}
}
}
我希望这能有所帮助。
问题是我的其他人在错误的地方。我把它放在if/elseif-strcmp语句之后。它应该在if(password_verify($password,$hash))块之后。
它是从phpfreak论坛上注意到的。归功于他因此正确的代码:
if(isset($_POST['login']))
{
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1)
{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD</div></p>';
}
else
{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash))
{
$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
if(strcmp($status, $status1) == 0)
{
header("location: completed/index.php");
exit();
}
elseif(strcmp($status, $status2) == 0)
{
header("location: uncompleted/index.php");
exit();
}
}
else
{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD again</div></p>';
}
}
}