php - PHP密码未能加密并在数据库内以明文形式显示
问题描述
我不知道这是怎么发生的,因为我的登录密码之前工作得很好,现在我发现它在 phpmyadmin 中以明文形式显示密码。我没有碰任何东西,所以我现在很难过。
我不确定错误在哪里,但我已经添加了我的register.php页面并删除了大部分我知道不是问题的代码,所以主要是我为密码代码编写的内容:
<?php
$password = $mysqli->escape_string
(password_hash($_POST['password'], PASSWORD_BCRYPT));
$password = trim($_POST['password']);
$password = strip_tags($password);
$password2 = trim($_POST['password2']);
$password2 = strip_tags($password2);
if (empty($password)){
$error = true;
$_SESSION['message'] = "Please enter password.";
header("location: error.php");
} else if(strlen($password) < 6) {
$error = true;
$_SESSION['message'] = "Password must have atleast 6 characters.";
header("location: error.php");
} else if ($password != $password2) {
$error = true;
$_SESSION['message'] = "Please check if both password fields match.";
header("location: error.php");
} else if ($password == $user_name && $password2 == $user_name) {
$error = true;
$_SESSION['message'] = "Please check that your
password is not the same as username.";
header("location: error.php");
}
if( !$error ) {
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'")
or die($mysqli->error());
if ( $result->num_rows > 0 ) {
$_SESSION['message'] = 'User with this email already exists!';
header("location: error.php");
}
else {
$sql = "INSERT INTO users (first_name, user_name,
email, password, hash) ".
"VALUES ('$first_name','$user_name',
'$email','$password', '$hash')";
这是我的login.php页面,这是我得到实际错误的地方,说我的密码不正确:
<?php
$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
if ( $result->num_rows == 0 ){
$_SESSION['message'] = "User with that email doesn't exist!";
header("location: error.php");
}
else {
$user = $result->fetch_assoc();
if ( password_verify($_POST['password'], $user['password']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['user_name'] = $user['user_name'];
$_SESSION['active'] = $user['active'];
$_SESSION['logged_in'] = true;
header("location: profile.php");
}
else {
$_SESSION['message'] = "You have entered wrong password, try again!";
header("location: error.php");
}
}
解决方案
您正在重置$password
变量
<?php
//Change this to $password_encrypted
$password = $mysqli->escape_string
(password_hash($_POST['password'], PASSWORD_BCRYPT));
$password = trim($_POST['password']);//This is overriding the above $password
$password = strip_tags($password);
尝试将第一个更改$password
为类似$password_encrypted
然后在 SQL 语句中使用它
$sql = "INSERT INTO users (first_name, user_name,
email, password, hash) ".
"VALUES ('$first_name','$user_name',
'$email','$password_encrypted', '$hash')";
另外我没有注意到$hash
您给出的代码中设置的变量,我认为这是在其他地方设置的?
推荐阅读
- c# - 如何实现取决于复选框更改为 Datagrid 的功能?
- android - 删除 Room Android 中的大表
- windows - 当我尝试通过 PowerShell 在 Active Directory 中搜索已删除的用户时,为什么会出现空白屏幕?
- python - Python3.x RuntimeError:事件循环已关闭
- c# - Newtonsoft.Json - 将通用对象反序列化为包装类
- java - 在java中将JSON从ajax请求转换为JSON对象
- allen-sdk - 在哪里可以找到以前由 allensdk.CellTypesCache.get_cells() 返回的数据
- ember.js - Emberjs 视图不会在创建新记录时更新?
- angular - RadioButtons Internet Explorer 双击
- mysql - 如何在 MySQL 工作台中撤消“过滤到此模式”?