我正在创建一个基本的登录系统。我正在使用PHP5哈希功能。当插入数据库时,一切都正常,它正确地完成了自己的工作。
现在的问题是,当我试图从数据库中获取数据时,它似乎没有接收到。这是我的代码,也许这会给你一些想法:
// Create connection with the database
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection to see if It connects, if not output an error message.
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// We are going to tell mysql to give us everything back related to user if we give it a username.
$stmt = $conn->prepare("SELECT * FROM users WHERE Username=?");
//Pass the username to mysql. this is what the person entered into the form ($_POST['username'])
$stmt->bind_param("s", $_POST['Username']);
//tell mysql to run our now completed statement and search for the user and return his info
$stmt->execute();
//great now we ask mysql to give us a variable that contains all the rows it found with that username
$result = $stmt->get_result();
//if there are 0 rows it means it couldn't find the username so the user doesn't exist
if($result->num_rows==0){
echo "Looks like theres no username.";
}
//since it got to this part we know that it did find the username so we get the first row from the results
$myrow = $result->fetch_assoc();
//now we compare the password entered into the form ($_POST['password']) with the password in our db for the user ($myrow['Password'])
if(password_verify($_POST['Password'], $hashAndSalt)) {
echo "It worked Shaun!";
} else {
echo "nope";
}
正如您所看到的,我正在使用password_verify()功能。当我尝试登录数据库或从数据库获取信息时,它似乎与$_POST数据库中的正确信息不匹配。例如,我将输入"shaun",这是数据库中的一个表,它在应该返回"It worked"的地方返回"nope"。
编辑:
$hashAndSalt是一个将信息存储到数据库中的变量。采取以下措施:
//Here we are preparing to enter data into the database. Make sure to use all ? when entering data.
$stmt = $conn->prepare("INSERT INTO users (Username, Password, Rank) VALUES (?, ?, ?)");
//Basically all data will be entered into the database.
$stmt->bind_param("sss", $_POST['Username'], $hashAndSalt, $Rank);
$hashAndSalt = password_hash($_POST['Password'], PASSWORD_BCRYPT);
这就是我从您提供的代码中解释您试图做的事情,我已经评论了您需要提供额外代码来显示UI或返回结果的区域。这是未经测试的,但应该有效。
<?php
include 'database_settings.php';
$mysqli = @new mysqli ( $mysql_hostname, $mysql_username,
$mysql_password, $mysql_database );
if ( $mysqli->connect_errno > 0 ) {
// return your error
return;
}
if ( ( isset ( $_POST [ 'Username' ] ) ) && ( isset ( $_POST [ 'Password' ] ) ) ) {
if ( ( strlen ( $_POST [ 'Username' ] ) > 0 ) && ( strlen ( $_POST [ 'Password' ] ) > 0 ) ) {
$stmt = $mysqli->prepare ( 'SELECT * FROM users WHERE Username=?' );
$stmt->bind_param ( 's', $_POST [ 'Username' ] );
if ( !$stmt->execute () ) {
// return your error
return;
}
$result = $stmt->get_result ();
if ( $result->num_rows > 0 ) {
while ( $row = $result->fetch_assoc () ) {
if ( password_verify ( $_POST [ 'Password' ], $row [ 'Password' ] ) ) {
// login was successful
} else {
// show the login form, wrong username or password
}
break;
}
$result->close ();
} else {
$result->close ();
// show the login form, wrong username or password
}
} else {
// show the login form, user has pressed submit without filling out the form
}
} else {
// show the login form
}
$mysqli->close ();