我是PHP和MySQL的新手,我正在为管理员制作一个登录脚本,但是我似乎找不到以下代码的问题。用户名和密码仍然不正确,即使它存在于数据库中并且已经以表格形式正确输入。
<?php
if(isset($_POST['adminlogin-submit'])){
require 'dbh.inc.php';
$username = $_POST['adminusername'];
$password = $_POST['adminpassword'];
if(empty($username) || empty($password)){
header("Location: ../adminlogin.php?error=emptyfields");
exit();
}
else{
$sql = "SELECT * FROM admin WHERE username=?;";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("location: ../adminlogin.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if($row = mysqli_fetch_assoc($result)){
$passwordCheck = password_verify($password, $row['password']);
if($passwordCheck == false){
header("location: ../adminlogin.php?error=wrongpassword");
exit();
}
else if($passwordCheck == true){
session_start();
$_SESSION['id'] = $row['id'];
$_SESSION['adminusername'] = $row['username'];
header("location: ../adminlogin.php?login=success");
exit();
}
else{
header("location: ../adminlogin.php?error=unknownerror");
exit();
}
}
else{
header("location: ../adminlogin.php?error=nouser");
exit();
}
}
}
}
else{
header("location: ../adminlogin.php");
exit();
}
password_verify
将密码的hash作为第二个参数,而不是密码本身。在表中,密码字段中的值不应为普通密码,而应为哈希值。
要在表中插入正确的哈希密码,请使用
$hashed_password = password_hash( $password, PASSWORD_DEFAULT );
$query = "UPDATE admin SET password = '$hashed_password' WHERE username='$username'";
...<execute query>