使用password_hash登录系统[重复]
问题描述 投票:-1回答:2
<?php
include "connection.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Add students</title>
<link rel="stylesheet" type="text/css" href="boosttrap.min.css">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<form action="adduser.php" method="POST">
<div>
<h2>
Username will be generated automatically
</h2>
<br/>
<label>Password</label>
<input type="password" name="s_password" class="form-control" placeholder="Enter new passowrd">
<br/>
<label>Name</label>
<input type="text" name="s_name" class="form-control" placeholder="Enter name">
<br/>
<label>Surname</label>
<input type="text" name="s_surname" class="form-control" placeholder="Enter surname">
<br/>
<label>Date of birth</label>
<input type="date" name="s_dob" class="form-control" placeholder="Enter Date of birth">
<br/>
<label>Year group</label>
<select name ="s_yeargroup">
<option selected = "true" disabled="disabled"> Select one from below...</option>
<option value=1 >7</option>
<option value=2> 8</option>
<option value=3> 9</option>
<option value=4> 10</option>
<option value=5> 11</option>
</select>
<br/>
<button type="sumbit" name="btnAddUser" class="float" value ="Login">Create New User</button>
</div>
</form>
<a href="../logout.php">Logout</a>
</body>
<?php
if(isset($_POST["btnAddUser"])){
$hashed_password = password_hash($_POST['s_password'], PASSWORD_DEFAULT);
$name = $_POST["s_name"];
$surname = $_POST["s_surname"];
$dob = $_POST["s_dob"];
$yeargroup = $_POST["s_yeargroup"];
$usernamenew = substr($name, 0, 1);
$usernamenew1 = substr($surname, 0, 4);
$usernamenew3= $usernamenew.$usernamenew1;
$sql = "INSERT INTO tbluser (Username, Password, Role) VALUES ('$usernamenew3', '$hashed_password', 'Student')";
if(!mysqli_query($conn,$sql))
{
echo "Error with Username or password";
}
else
{
echo "Username and password created successfully. The username is ".$usernamenew3.".";
}
$sql4= "SELECT ID FROM tbluser WHERE Username = '$usernamenew3'";
$result1= mysqli_query($conn,$sql4);
$row= mysqli_fetch_assoc($result1);
$userid=$row['ID'];
$sql1 = "INSERT INTO student (name, surname, dob, yeargroup_id, tbluser_ID) VALUES ('$name','$surname','$dob','$yeargroup','$userid')";
if(!mysqli_query($conn,$sql1))
{
echo "Error with Student info";
}
else
{
echo " \r\nStudent has been added successfully.";
}
}
?>
这是我用来登录用户的代码
<?php session_start(); require_once "connection.php"; $message = ""; $role = ""; if(isset($_POST["btnLogin"])) { $password = $_POST["password"]; $stmt=$conn->prepare("SELECT Username, Password FROM tbluser WHERE Username = ? "); $stmt-> bind_param("s",$_POST["username"]); $stmt->execute(); $result = $stmt->get_result(); if(mysqli_num_rows($result) > 0) { while ($row = mysqli_fetch_assoc($result)) { if(password_verify($password, $row["Password"])) { if($row["Role"] == "Admin") { $_SESSION['AdminUser'] = $row["Username"]; $_SESSION['adminid']= $row["ID"]; $_SESSION['role'] = $row["Role"]; header('Location: admin/admin.php'); } elseif($row["Role"] == "Teacher") { $_SESSION['ProfUser'] = $row["Username"]; $_SESSION['teacherid']= $row["ID"]; $_SESSION['role'] = $row["Role"]; header('Location: teacher/prof.php'); } elseif($row["Role"] == "Student") { $_SESSION['StudentUser'] = $row["Username"]; $_SESSION['studentid']= $row["ID"]; $_SESSION['role'] = $row["Role"]; header('Location: student/student.php'); } else echo "Role is not recognised"; } } } }
[如果有人能找到我的错误,我将不胜感激。谢谢我的数据库,以备不时之需。
2个回答
投票
password_hash()和password_verify()。您仅从表中选择Username和Password列。因此,将不会设置$row["Role"],并且if条件都不会成功。结果您应该得到错误Role is not recognized。
将其更改为:
$stmt=$conn->prepare("SELECT Username, Password, Role, ID FROM tbluser WHERE Username = ? ");
还添加else语句,以便您知道登录失败时哪个if条件失败。
<?php if(isset($_POST["btnLogin"])) { $password = $_POST["password"]; $stmt=$conn->prepare("SELECT Username, Password FROM tbluser WHERE Username = ? "); $stmt-> bind_param("s",$_POST["username"]); $stmt->execute(); $result = $stmt->get_result(); if(mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); if(password_verify($password, $row["Password"])) { if($row["Role"] == "Admin") { $_SESSION['AdminUser'] = $row["Username"]; $_SESSION['adminid']= $row["ID"]; $_SESSION['role'] = $row["Role"]; header('Location: admin/admin.php'); } elseif($row["Role"] == "Teacher") { $_SESSION['ProfUser'] = $row["Username"]; $_SESSION['teacherid']= $row["ID"]; $_SESSION['role'] = $row["Role"]; header('Location: teacher/prof.php'); } elseif($row["Role"] == "Student") { $_SESSION['StudentUser'] = $row["Username"]; $_SESSION['studentid']= $row["ID"]; $_SESSION['role'] = $row["Role"]; header('Location: student/student.php'); } else echo "Role is not recognised"; } else { echo "Password incorrect"; } } else { echo "Username not found"; } } else { echo "Form not submitted correctly"; }
由于用户名是唯一的,因此在获取行时不需要while循环;只有一排。投票
password_hash文档中,password_hash与password_hash一起产生的字符串长60个字符,而其他算法可能会产生更长的字符。您在数据库中的PASSWORD_BCRYPT字段只有45个字符。根据文档中的建议,应将字段大小增加到255。
最新问题
- EFCore 在添加时更改实体的 ID。无法跟踪实体,因为具有键值的另一个实例已被跟踪
- GitLab 管道上传的正确 TWINE_REPOSITORY_URL 是什么?
- join 期间 ctrl+c 上的 Python 线程行为
- 内循环的时间复杂度
- Chrome 扩展:将自定义事件从内容脚本传递到 React/Next.js 应用程序
- 调整职员用户按钮大小
- 如何强制MacOS PKG要求用户在安装后将安装程序移至垃圾箱?
- 如何在 iOS 和 Web 的 React Native 中实现可调整大小、可移动和可移动的可拖动矩形?
- 找不到模块“@google/generative-ai”
- 任务:expo-modules-core:configureCMakeDebug[arm64-v8a]失败
- Elasticsearch:如何计算同一请求中每个字段聚合的术语总数
- Amazon Managed Airflow (MWAA) 工作一段时间后出现错误(ResourceNotFoundException)
- Docker authz 插件问题
- java.lang.NoClassDefFoundError: org/apache/hadoop/fs/impl/prefetch/PrefetchingStatistics 运行 pyspark 时
- 由于 SSL 证书错误,无法使用 Streamlit 应用程序
- 如何将 GitHub actions 输出转换为环境变量?
- 如果两个表 JPA 中的列名称不同,则进行 OnetoOne 映射
- Laravel JavaScript 将数组从后端传递到 JavaScript 中的数组
- 为什么在执行一个 sudo 命令之前我无法打开 Mac 文件(不允许操作)?
- 如何将服务器上的文本图像转换为javascript图像?