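bcrypt hasher causes a problem when logging in to a user account

I created a registration and login system! Registration works without problems. I enter the desired username, the desired email and the desired password and press Enter, and after pressing Enter I arrive at the home page. The problem is that when I press the logout button, which takes me to the login page, and I re-enter my username and password, I get an "Incorrect username or password" error.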


    if (isset($_POST['register'])) {
        // Escape each form value before it is interpolated into the SQL strings below
        $username = mysqli_real_escape_string($db, $_POST['username']);
        $email = mysqli_real_escape_string($db, $_POST['email']);
        $password = mysqli_real_escape_string($db, $_POST['password']);
        $repeatpassword = mysqli_real_escape_string($db, $_POST['repeatpassword']);

        // Look up existing rows with the same username or email
        $username_checker = "SELECT * FROM users WHERE username='$username'";
        $email_checker = "SELECT * FROM users WHERE email='$email'";
        $name_checker = mysqli_query($db,$username_checker) or die(mysqli_error($db));
        $mail_checker = mysqli_query($db,$email_checker) or die(mysqli_error($db));

        // Validation: record the first failed check and stop
        if(empty($username)){
            array_push($errors,"Username is required");
            return;
        }
        if(empty($email)){
            array_push($errors,"Email is required");
            return;
        }
        if(empty($password)){
            array_push($errors,"Password is required");
            return;
        }
        if(mysqli_num_rows($name_checker) > 0){
            array_push($errors,"Username is already recorded in our database");
            return;
        }
        if(mysqli_num_rows($mail_checker) > 0){
            array_push($errors,"Email Address is already recorded in our database");
            return;
        }
        if(!preg_match("/^[a-zA-Z ]*$/",$username)){
            array_push($errors,"The username is only derived from uppercase and lowercase characters");
            return;
        }
        if(strlen($_POST['username']) < 5){
            array_push($errors,"Username must be at least 5 characters long");
            return;
        }
        // ... (the rest of the handler is not shown in the post)
    }


狐的传说
1 answer

湖上湖

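Every time you hash a password, a new string (hash) is created, so if you try to match a hashed password against a previously hashed password, it will never work. Try this:

    if (password_verify($_POST['password'], $result['password'])) {
        // True if password is correct
    }

`$_POST['password']` is the password from the submitted form, in plain text. `$result['password']` is the hashed password from the database.

Please take a look at PDO prepared statements; your code is really dangerous like this.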
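
An added example, not code from the original question or answer: registration and login built on `password_hash`/`password_verify` with PDO prepared statements, as the answer recommends. The in-memory SQLite database, the `register`/`login` function names, the `DUMMY_HASH` constant and the sample credentials are assumptions made for illustration.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT UNIQUE, password TEXT)');

// Hash of a throwaway value, verified when the username does not exist.
define('DUMMY_HASH', password_hash('unused', PASSWORD_BCRYPT));

function register(PDO $db, string $username, string $email, string $password): void
{
    // Hash the raw password once; the salt is generated and stored inside the hash.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    // Bound parameters replace mysqli_real_escape_string and string interpolation.
    $stmt = $db->prepare('INSERT INTO users (username, email, password) VALUES (?, ?, ?)');
    $stmt->execute([$username, $email, $hash]);
}

function login(PDO $db, string $username, string $password): bool
{
    // Select by username only; a bcrypt hash cannot be matched in the WHERE clause.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown user: still run one verification so both paths cost about the same.
    $hash = $result === false ? DUMMY_HASH : $result['password'];
    return password_verify($password, $hash) && $result !== false;
}

$password = 'correct horse battery';   // constructed sample credentials
register($db, 'alice', 'alice@example.test', $password);

// Re-hashing gives a different string each time, so comparing hashes fails.
$stored = $db->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();
$rehashed = password_hash($password, PASSWORD_BCRYPT);
printf("rehash equals stored hash: %s\n", var_export($rehashed === $stored, true));
printf("login, correct password:   %s\n", var_export(login($db, 'alice', $password), true));
printf("login, wrong password:     %s\n", var_export(login($db, 'alice', 'guess'), true));
printf("login, unknown user:       %s\n", var_export(login($db, 'mallory', $password), true));
```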