我查看了与此相关的其他问题/答案,并尝试以多种方式修改我的代码以适应他们的答案,但没有成功。我有一个可以正常工作的注册表单,并使用 password_hash 函数成功地将用户添加到数据库中。密码字段为 VARCHAR(255),输入时显示为散列。
问题在于登录表单。我一整天都在尝试各种方法,但没有成功。下面是我当前的 login.php 脚本。
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
//error if both boxes empty
if (empty($_POST['email']) || empty($_POST['password'])) {
$error = "Please fill in both boxes";
}
else
{
// connecting, selecting database
require_once 'dbstuff.php';
include 'opendb.php';
// To protect MySQL injection for Security purpose and define $email and $password
$email = mysqli_real_escape_string($cxn,$_POST['email']);
$password = mysqli_real_escape_string($cxn,$_POST['password']);
//selects user = to email given
$sel_user = "SELECT * from Customer WHERE email='$email'";
$result = $cxn->query($sel_user);
//if matched email in DB verifies password given with hashed password in DB
if($result->num_rows ===1){
$row = $result->fetch_array(MYSQLI_ASSOC);
if (password_verify($password, $row['password'])){
echo "match";
//$_SESSION['login_user']=$email; // Initializing Session
//header("location: index.php"); // Redirecting To Other Page
} else {
$error = "email or Password is invalid";
}
}
mysqli_close($cxn); // Closing Connection
}
}
?>
$error 变量工作正常,但仍然看不到密码验证出错的地方,不断收到“电子邮件或密码无效”错误而不是“匹配”。
对于我在代码中遗漏的内容,我真的很感激一些反馈!谢谢 :)