Admin login script with PHP and MySQL says username and password are incorrect even though the input is correct

Question (votes: 0, answers: 1)

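I am new to PHP and MySQL, and I am making a login script for admins, but I can't seem to find the problem with the code below. The username and password still come back as incorrect, even though they exist in the database and have been entered correctly in the form.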

Here is the screenshot of my "admin" table

<?php

if(isset($_POST['adminlogin-submit'])){

    require 'dbh.inc.php';

    $username = $_POST['adminusername'];
    $password = $_POST['adminpassword'];

    if(empty($username) || empty($password)){
        header("Location: ../adminlogin.php?error=emptyfields");
        exit();
    }
    else{
        $sql = "SELECT * FROM admin WHERE username=?;";
        $stmt = mysqli_stmt_init($conn);
        if(!mysqli_stmt_prepare($stmt, $sql)){
            header("location: ../adminlogin.php?error=sqlerror");
            exit();
        }
        else{
            mysqli_stmt_bind_param($stmt, "s", $username);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if($row = mysqli_fetch_assoc($result)){
                $passwordCheck = password_verify($password, $row['password']);
                if($passwordCheck == false){
                    header("location: ../adminlogin.php?error=wrongpassword");
                    exit();
                }
                else if($passwordCheck == true){
                    session_start();
                    $_SESSION['id'] = $row['id'];
                    $_SESSION['adminusername'] = $row['username'];

                    header("location: ../adminlogin.php?login=success");
                    exit();
                }
                else{
                    header("location: ../adminlogin.php?error=unknownerror");
                    exit();
                }
            }
            else{
                header("location: ../adminlogin.php?error=nouser");
                exit();
            }
        }
    }
}
else{
    header("location: ../adminlogin.php");
    exit();
}
php mysql
1 Answer
0 votes

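password_verify takes the hash of the password as its second argument, not the password itself. In the table, the value in the password field should not be the plain password, but the hash.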

Check password_hash

To insert the correctly hashed password into the table, use

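// Hash the password, then store it with a prepared statement so that
// $username is never interpolated into the SQL ($conn comes from dbh.inc.php)
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = mysqli_prepare($conn, "UPDATE admin SET password = ? WHERE username = ?");
mysqli_stmt_bind_param($stmt, "ss", $hashed_password, $username);
mysqli_stmt_execute($stmt);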
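
An added example (not part of the original question or answer): a one-off migration that finds `admin` rows whose `password` value is not `password_hash()` output and rehashes them through a prepared statement. The `admin` table, its `id` and `password` columns and `$conn` come from the code above; the function names and sample rows are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical;
// the `admin` table, its columns and $conn come from the question.

// True when $stored is not recognised as password_hash() output
// (e.g. a plaintext password), so password_verify() can never succeed.
function needs_hashing(string $stored): bool
{
    return empty(password_get_info($stored)['algo']);
}

// Rehash every plaintext value in `admin`; returns the number of rows fixed.
function migrate_plaintext_admins(mysqli $conn): int
{
    $rows = mysqli_query($conn, "SELECT id, password FROM admin");
    $stmt = mysqli_prepare($conn, "UPDATE admin SET password = ? WHERE id = ?");
    $fixed = 0;
    while ($row = mysqli_fetch_assoc($rows)) {
        if (!needs_hashing($row['password'])) {
            continue; // already a hash, leave it alone
        }
        $hash = password_hash($row['password'], PASSWORD_DEFAULT);
        $id = (int) $row['id'];
        mysqli_stmt_bind_param($stmt, "si", $hash, $id);
        mysqli_stmt_execute($stmt);
        $fixed++;
    }
    return $fixed;
}

// Constructed sample rows showing why the original login always failed.
$sample = [
    ['username' => 'admin1', 'password' => 'secret123'], // plaintext in the table
    ['username' => 'admin2', 'password' => password_hash('secret123', PASSWORD_DEFAULT)],
];
foreach ($sample as $row) {
    printf(
        "%s needs_hashing=%s password_verify=%s\n",
        $row['username'],
        var_export(needs_hashing($row['password']), true),
        var_export(password_verify('secret123', $row['password']), true)
    );
}

// With a live connection: require 'dbh.inc.php'; echo migrate_plaintext_admins($conn);
```

The `password` column has to hold the whole hash: bcrypt output is 60 characters, and the PHP manual recommends a 255-character column so that future defaults fit. A truncated hash fails `password_verify` the same way plaintext does.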