0

我正在更改我的注册并登录到不同的加密(Phpass),因为每个人都说 md5 不再安全。我设法让注册功能正常工作,但无法弄清楚为什么登录不起作用。此代码运行没有错误,但它没有从这一行传递if($stm->rowCount()>0){}

请忽略注释代码,它是我的旧登录版本。欢迎任何其他建议!

  include("include/connection.php");
        require_once('include/PasswordHash.php');

        function login($db){
            if (isset($_GET["type"])){  
                if($_GET["type"]=="log" && isset($_POST['email']) && isset($_POST['password'])){

                    session_start();

                    $email = $_POST['email'];
                    $password = $_POST['password'];
                    $hasher = new PasswordHash(8, false);

                    if($email=='' || $password==''){
                        echo "<font style='background-color: #F9C5CA'>Error: Please fill the required fields.</font>";
                    }else{

                        //$password = md5($password);
                        $pass = $hasher->HashPassword($_POST['password']);

                        $sql = "SELECT email,password,id FROM user WHERE email=? AND password=?";
                        $stm = $db->prepare($sql);
                        $stm->execute(array($email,$pass));
                        $row = $stm->fetch(PDO::FETCH_ASSOC);

                        /*if($stm->rowCount()>0){

                            $_SESSION['id']=$row['id'];
                            header('Location: cpanel/#welcome');
                        }else{
                            echo "<font style='background-color: #F9C5CA'>Error: Your email and/or password are incorrect. Please try again.</font>";
                        }*/

                        if($stm->rowCount()>0){
                            if ($hasher->CheckPassword($pass,$row['password'])) {
                                $_SESSION['id']=$row['id'];
                                header('Location: cpanel/#welcome');
                                exit();

                            }else{
                                echo "<font style='background-color: #F9C5CA'>Error: Your email and/or password are incorrect. Please try again.</font>";
                            }
                        }
                    }
                }
            }
        }
4

2 回答 2

0

确保散列密码为 60 个字符,否则将返回 false。我有同样的问题,注意到我的第一个散列密码是 61 个字符。

于 2013-11-07T10:40:56.417 回答
0

您可以更改条件,因为有几种方法可以替换rowCount()

如果用户存在则$row = $stm->fetch(PDO::FETCH_ASSOC);返回一个包含数据的数组,如果没有用户则返回一个空数组:

// Count array and check if is greater than 0
if ( count($row) > 0 )
// Check if array is not empty
if ( !empty($row) )
// Simple check. An empty array would return false
if ( $row )
于 2013-04-22T19:42:09.603 回答