我创建了一个注册和登录系统!注册没有问题。我输入所需的用户名,所需的电子邮件,所需的密码并按回车键,点击回车键后,我来到主页。问题是当我按下注销按钮时,当离开按钮将我带到登录页面时,当我重新输入用户名和密码时,我得到“不正确的用户名或密码”错误。 if (isset($_POST['register'])) { $username = mysqli_real_escape_string($db, $_POST['username']); $email = mysqli_real_escape_string($db, $_POST['email']); $password = mysqli_real_escape_string($db, $_POST['password']); $repeatpassword = mysqli_real_escape_string($db, $_POST['repeatpassword']); $username_checker = "SELECT * FROM users WHERE username='$username'"; $email_checker = "SELECT * FROM users WHERE email='$email'"; $name_checker = mysqli_query($db,$username_checker) or die(mysqli_error($db)); $mail_checker = mysqli_query($db,$email_checker) or die(mysqli_error($db)); if(empty($username)){ array_push($errors,"Username is required"); return; } if(empty($email)){ array_push($errors,"Email is required"); return; } if(empty($password)){ array_push($errors,"Password is required"); return; } if(mysqli_num_rows($name_checker) > 0){ array_push($errors,"Username is already recorded in our database"); return; } if(mysqli_num_rows($mail_checker) > 0){ array_push($errors,"Email Address is already recorded in our database"); return; } if(!preg_match("/^[a-zA-Z ]*$/",$username)){ array_push($errors,"The username is only derived from uppercase and lowercase characters"); return; } if(strlen($_POST['username']) < 5){ array_push($errors,"Username must be at least 5 characters long"); return; }
1 回答
湖上湖
TA贡献2003条经验 获得超2个赞
每次对密码进行哈希处理时,都会创建一个新字符串(哈希),因此,如果您尝试将散列的密码与以前散列的密码进行匹配,则该字符串将永远不会起作用。
试试这个:
if (password_verify($_POST['password'], $result['password'])) //True if password is correct
$_POST['password']是纯文本形式提交的表单中的密码。
$result['password']是数据库中的哈希密码。
请看一下PDO准备好的语句,你的代码真的像这样危险。
- 1 回答
- 0 关注
- 89 浏览
添加回答
举报
0/150
提交
取消