不能用哈希密码登录 - Mysqli PHP

问题描述 投票:-1回答:1

我已经在注册页面用下一个代码对我的密码进行了散列。

$c_pass = $_POST['c_pass'];
$storePassword = password_hash($c_pass, PASSWORD_BCRYPT, array('cost' => 10));

而在登录页面,我有这个代码。

$customer_email = $_POST['c_email'];
$customer_pass = $_POST['c_pass'];
$select_customer = "select * from customers where customer_email='$customer_email' AND customer_pass='$customer_pass'";

当我试图登录时,他们弹出了一个错误的屏幕,说我的凭证无效。我尝试使用

if(password_verify($customer_password,$row['c_pass'])){。

但注意到帮助我,谁能给我写出解决方案,因为我找不到解决方案。

php mysqli
1个回答
1
投票

你应该删除 AND 从你 WHERE 子句,因为当用户在登录表单输入时,他的密码是非哈希值,因此你永远不会通过email + password的复合条件来检索用户。相反,你应该通过标识符(用户名或电子邮件)找到用户,然后你应该将登录表单密码输入的原始密码与数据库中的哈希值进行比较。所以可以看看下面的内容。

$mysqli = new mysqli('host', 'user', 'password', 'db_name');

// these are submitted input values from the login form which you handle
$email = $_POST['c_email'];
$password = $_POST['c_password'];

// build your query with prepared statements which will retrieve
// the user from the database with login form submitted email
$stmt = $mysqli->prepare('select * from customers where customer_email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();

$result = $stmt->get_result();
$customer = $result->fetch_assoc();

if (empty($customer)) { 
    // no user found by this email, so send to user response message
    // that your system cannot find any customer by provided email
    return false;
}

// here you compare the typed user login password versus the fetched user's password from the database by the provided user email
if (password_verify($password, $customer['c_pass'])) {
    // ok, so the password comparison match
} else {
    // invalid password
}
© www.soinside.com 2019 - 2024. All rights reserved.