我正在尝试为我的网站创建一个API,为此我已经为此创建了一个函数。但是该功能无法使用POST功能在POSTMAN中验证我的密码。我一生无法理解我哪里错了。数据库中的密码使用php hash函数输入: $password =password_hash($pass, PASSWORD_DEFAULT); 。public function userLogin($username, $password){ $stmt = $this->con->prepare("SELECT password FROM farms WHERE farmname = ? "); $stmt->bind_param("s", $username); $stmt->execute(); $row = $stmt->get_result()->fetch_assoc(); $hash = $row['password']; if (password_verify($hash, $password)) { return $stmt->num_rows > 0; }}Login.php文件require_once '../includes/DbOperations.php';$response = array();if($_SERVER['REQUEST_METHOD']=='POST'){ if(isset($_POST['username']) and isset($_POST['password'])){ $db = new DbOperations(); if($db->userLogin($_POST['username'], ($_POST['password']))){ $user = $db->getUserByUsername($_POST['username']); $response['error'] = false; $response['username'] = $user['farmname']; }else{ $response['error'] = true; $response['message'] = "Invalid username or password"; } }else{ $response['error'] = true; $response['message'] = "Required fields are missing"; }}echo json_encode($response);我没有得到用户名,而是不断收到错误消息:{“错误”:true,“消息”:“无效的用户名或密码”}
3 回答
HUH函数
TA贡献1836条经验 获得超4个赞
我认为该userLogin函数应该返回一个值(true / false),而不管密码是否匹配,以便if / else逻辑起作用。由于返回值为password_verifytrue或false,因此可以简单地返回。
public function userLogin($username, $password){
$sql='select `password` from `farms` where `farmname` = ?'
$stmt=$this->con->prepare( $sql );
if( !$stmt )return false;
$stmt->bind_param( 's', $username );
$res=$stmt->execute();
if( !$res )return false;
$stmt->store_result();
$stmt->bind_result( $pwd );
$stmt->fetch();
$stmt->free_result();
$stmt->close();
return password_verify( $password, $pwd );
}
--
忙着在车库里忙碌,但根据我数据库中的数据迅速整理了上述功能的一些演示。
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = 'xxx';
$dbname = 'experiments';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
/*
the class from which userLogin originates was unknown so I guessed
and made an ultra basic representation of what it might be.
*/
class user{
private $con;
public function __construct( $con ){
$this->con=$con;
}
public function userLogin($username, $password){
$sql='select `password` from `farms` where `farmname` = ?';
/*
as I do not have a table `farms` I chose another
table that has a hashed password column to test against.
*/
$sql='select `hashpwd` from `users` where `username`=?';
$stmt=$this->con->prepare( $sql );
if( !$stmt )return false;
$stmt->bind_param( 's', $username );
$res=$stmt->execute();
if( !$res )return false;
$stmt->store_result();
$stmt->bind_result( $pwd );
$stmt->fetch();
$stmt->free_result();
$stmt->close();
return password_verify( $password, $pwd );
}
}//end class
/* instantiate the class with the db as an argument */
$user=new user( $db );
/* capture POST vars */
$username=filter_input( INPUT_POST,'username',FILTER_SANITIZE_STRING );
$password=filter_input( INPUT_POST,'password',FILTER_SANITIZE_STRING );
/* test if the password was OK or not... */
if( $user->userLogin($username,$password) ){
echo "OK";
} else {
echo "Bogus";
}
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8' />
<title>Farm - Form - mySQLi</title>
</head>
<body>
<form method='post'>
<input type='text' name='username' />
<input type='password' name='password' />
<input type='submit' />
</form>
</body>
</html>
毫不奇怪,结果"OK"表明该功能按预期工作。因此,总而言之,我建议问题出在其他地方
慕村9548890
TA贡献1884条经验 获得超4个赞
我认为您的功能在if之后需要else语句
例如:
if (password_verify($hash, $password)) {
return $stmt->num_rows > 0;
}
else{}
- 3 回答
- 0 关注
- 181 浏览
添加回答
举报
0/150
提交
取消