我创建了一个登录页面,但是当代码想用输入的密码验证哈希密码时,它向我显示了错误信息。用德鲁的手册password_verify不起作用(password_hash)
<?php
session_start();
$pdo = new PDO(xxxx);
if(isset($_GET['login'])) {
\t $username = $_POST['username'];
\t $password = $_POST['password'];
\t
\t $statement = $pdo->prepare('SELECT * FROM users WHERE username = :username');
\t $result = $statement->execute(array('username' => $username));
\t $user = $statement->fetch();
\t //verify password
\t if ($user !== false && password_verify($password, $user['passwort'])) {
\t \t $_SESSION['userid'] = $user['id'];
\t \t die('Login succesfull');
\t } else {
\t \t $errorMessage = "Login error";
\t }
\t
}
if(isset($errorMessage)) {
\t echo $errorMessage;
}
?>
现在我编辑与Drew's manual帮助的代码,但它也不管用。
<?php
session_start();
$pdo = new PDO(xxxxx);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if(isset($_GET['login'])) {
\t $username = $_POST['username'];
\t $passwort = $_POST['password'];
\t
$query = $pdo->prepare("SELECT * FROM users WHERE username=:username");
$query->bindParam(':username', $username);
$query->execute();
unset($_SESSION['username']);
if(($row = $query->fetch()) && (password_verify($passwort,$row['passwort']))){
$_SESSION['username'] = $row['username'];
//header("Location: ../../myaccount/myaccount.php");
echo "hurray, you authenticated.<br/>";
}
else {
//header("Location:../../login/login.php ");
echo "invalid login<br/>";
}
}
?>
请确保您有'$ password'和'$ user ['passwort']'的期望值,并且检查您是否在注册码中对密码进行任何字符串操作(即转义)。 – JimL
密码栏真的叫做* passwort *吗? (带t) – ShiraNai7
是的,因为我是德国人。在我的表头iis写上“passwort”。 – Tim