-1

我在 PHP/MYSQL 注册/登录系统上工作了一周,我确实遇到了 php password_hash 和 password_verify 函数的问题......注册工作并且使用 password_verify 登录一直失败,我不明白为什么......有人可以帮忙出去?我真的很绝望。

登录部分..我要实现的目标 1-检查电子邮件是否为空以及是否有效电子邮件..2-检查密码是否为空。3-如果 $email 和 $password 都正常..它会连接到 db.. 然后 a-它检查电子邮件是否存在于表 users 中,如果不存在则需要注册..b-如果用户存在于 db 中,然后它验证 $password 是否与 db 中的密码相同...如果它是有效密码..它回显“有效”..如果不是有效密码..它回显“无效电子邮件/密码”...即我想要达到的目标......

我在这里发布完整的代码:

数据库设计

user_id(auto_increment/primary key)
email(unique, varchar)
password(varchar, 255)

注册.php

<?php
$email=$password="";
$emailErr=$passwordErr="";
  if (isset($_POST['submit'])) {
 if (empty($_POST['email'])) {
    $emailErr="Enter your email";
  } 
    elseif (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === FALSE) {
      $emailErr = "Invalid email";
    }
      else
      {
        $email= trim($_POST['email']);
      }

 if (empty($_POST['password'])) {
     $passwordErr = "Enter your password";
      }     
        elseif (strlen($_POST['password']) < 3) {
          $passwordErr = "password must 4 length least";
        }
          else
          {
            $password = trim($_POST['password']);
          }

// if everything is filled correct connect
if ($email && $password)
 {

  include_once'connect.php';

$sql = "SELECT COUNT(users.email) FROM users WHERE email = :email";

$s = $pdo->prepare($sql);

$s->bindValue(':email', $email);

$s->execute();

  $result = $s->fetch(PDO::FETCH_NUM);

  $resultvalue = $result[0];
//if email exist, stop the script
if ($resultvalue > 0) {

 echo "Email already exist";  
exit();
}  

// if email not exist insert it
   else
   {
    $sql = "INSERT INTO users (email,password) VALUES (:email, :password)";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':email', $email);
    $stmt->bindValue(':password', password_hash($password, PASSWORD_DEFAULT));
    $stmt->execute();

        if ($stmt) {
          echo "Values inserted";
          exit();
        }

          else
          {
            echo "Insert values failed";
            exit();
          }
   }

}          

//if everything is not filled correct connect
else
   {
    $proceedErr = "Could not proceed";
   }
  }//submit

?>

<!DOCTYPE HTML>
<html>
 <head>
<title>Register page</title>
  <style type="text/css">
form p label
{
    display: block;
}

em
{
    color: red;
    font-style: normal;
}
  </style> 
   </head>

<body>

<?php
 if (isset($proceedErr)) {
   echo $proceedErr;
 }

?>

<form method="POST" action="">

<p>
<label for="email">Email :</label> 
<input type="text" name="email" id="email" placeholder="Enter your email" value/><em><?php if(isset($emailErr)) echo $emailErr;?></em>
</p>
<p>
<label for="email">Password :</label> 
<input type="password" name="password" id="password" placeholder="Enter your password" value/><em><?php if(isset($passwordErr)) echo $passwordErr;?></em>
</p>
  <input type="submit" name="submit" id="submit" value="Register" />
  </form>

   </body>   
</html>

登录.php

<?php
  $emailErr=$passwordErr="";
  $email=$password="";

  if (isset($_POST['submit'])) {
    if (empty($_POST['email'])) {
      $emailErr="Enter your email";
    }
      elseif (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === FALSE) {
       $emailErr = "Enter valid email";
      }
       else
       {
        $email = trim($_POST['email']);
       }

if (empty($_POST['password'])) {
  $passwordErr="Enter your password";
}
 else
 {
  $password= trim($_POST['password']); 
 }

  if ($email && $password) 
  {

  include_once'connect.php';

$sql = "SELECT user_id,email, password FROM users WHERE email = :email";

$s = $pdo->prepare($sql);

$s->bindValue(':email', $email);

$s->execute();

$result = $s->fetch(PDO::FETCH_ASSOC);

$resultvalue = count($result['email']);

print_r($result);

//if email do not exist, stop the script
if ($resultvalue < 1) {

 echo "Your email do not exist, please register";  

exit();
}  
  elseif (password_verify($password, $result['password'])) {
    echo "valide password / email";
    exit();
  }
    else
    {
      echo "InValid email / password";
      exit();
    }
  }


    else
    {
     echo "Email / password do not match";
    }

  }// end submit

?>
<!DOCTYPE HTML>
<html>
 <head>
<title>Login page</title>
  <style type="text/css">
form p label
{
    display: block;
}

em
{
    color: red;
    font-style: normal;
}
  </style> 
   </head>

<body>



<form method="POST" action="">

<p>
<label for="email">Email :</label> 
<input type="text" name="email" id="email" placeholder="Enter your email" value/><em><?php if(isset($emailErr)) echo $emailErr;?></em>
</p>

<p>
<label for="email">Password :</label> 
<input type="password" name="password" id="password" placeholder="Enter your password" value/><em><?php if(isset($passwordErr)) echo $passwordErr;?></em>
</p>

  <input type="submit" name="submit" id="submit" value="login" />
  </form>

   </body>   
</html>
4

1 回答 1

0

在这里测试了相同的脚本并且它有效。

我收到了答案“有效密码/电子邮件”,所以这个条件语句“(password_verify($password, $result['password']))”返回真(login.php 中的第 51 行)。

您是否收到任何错误消息或警告?

于 2015-11-05T22:09:19.467 回答