php - password_verify() 和 mysql 的问题,有些返回正确,有些不正确
问题描述
我对很多 php 非常缺乏经验。我有一个注册和登录页面。
从 index.php 页面创建的帐户工作正常,但来自名为 trucks.php 页面的帐户在 verify_password();
他们都使用相同的注册和登录 php 页面。
注册页面:
$type = $_REQUEST['type'];
// Register
$error = "";
$first = mysqli_real_escape_string($conn, $_REQUEST['first_name']);
$last = mysqli_real_escape_string($conn, $_REQUEST['last_name']);
$company_name = mysqli_real_escape_string($conn, $_REQUEST['restaurant_name']);
$email = mysqli_real_escape_string($conn, strtolower($_REQUEST['email']));
$pass = password_hash($_REQUEST['password1'],PASSWORD_DEFAULT);
$cpass = mysqli_real_escape_string($conn, $_REQUEST['password2']);
$phone = mysqli_real_escape_string($conn, $_REQUEST['phone']);
$address = mysqli_real_escape_string($conn, $_REQUEST['address']);
$city = mysqli_real_escape_string($conn, $_REQUEST['city']);
$state = mysqli_real_escape_string($conn, $_REQUEST['state']);
$zip = mysqli_real_escape_string($conn, $_REQUEST['zip']);
$website = mysqli_real_escape_string($conn, $_REQUEST['website']);
$q = "SELECT email FROM users WHERE (email='$email')";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
{
if($row['email'] == $email)
{
$error = "email";
}
}
if($first == "")
{
$error = "first";
}
else if($last == "")
{
$error = "last";
}
else if($email == "")
{
$error = "email2";
}
else if($pass == "")
{
$error = "password";
}
else if(!password_verify($cpass,$pass))
{
$error = "confirm";
}
else if($phone < 0 || $phone > 9999999999)
{
$error = "phone";
}
if($error == "")
{
$q = "INSERT INTO users (first_name, last_name, email, password, phone, registration_date, type)
VALUES ('$first', '$last', '$email', '$pass', '$phone', NOW(), '0')";
$conn->query($q);
session_start();
$q = "SELECT id, type FROM users WHERE email = '$email'";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
{
$id = $row['id'];
$type = $row['type'];
}
$_SESSION['id'] = $id;
//Truck Register
if($type = 1)
{
// Link Company to User for login
$q = "INSERT INTO company (user_id, company_name, website, city, postal_code)
VALUES ('$id', '$company_name', '$website', '$city', '$zip')";
$conn->query($q);
}
header("Location: ../index.php?regstatus=success");
exit;
}
else
{
if($type == 1)
{
header("Location: ../trucks.php?error=$error");
}
else{
header("Location: ../index.php?error=$error");
}
}
登录页面:
$email = mysqli_real_escape_string($conn, $_REQUEST['email']);
$pass = $_REQUEST['pass'];
$rem = $_REQUEST['remember'];
$q = "SELECT id, password FROM users WHERE email = '$email'";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
{
$passhash = $row['password'];
$id = $row['id'];
}
$verified = password_verify($pass, $passhash);
if($verified)
{
session_start();
$passhash = "";
$pass = "";
$_REQUEST['pass'] = "";
$_SESSION['id'] = $id;
header("Location: ../index.php");
exit;
}
else{
header("Location: ../index.php?status=false");
exit;
}
?>
尝试切换编码,从 2 个注册页面更改为 1 个等。
解决方案
推荐阅读
- angular7 - 如何在 Angular7 中的 HttpUrl 中传递字典对象?
- algorithm - Optimal solution for clustering of rectangles
- java - ImageView onClick 动画在资源更改后不起作用
- php - 如何完全(我的意思是完全)销毁所有会话数据并防止缓存访问?
- file - 如何使用 corona sdk 读取特定文件
- javascript - 允许javascript控制一些环境的东西
- wpf - WPF Datagrid:如何通过鼠标单击列标题来清除列排序?
- android - 如何修复 viewmodel.setText 中的“NullPointerException”?
- sql - 通过分组查找丢失的记录
- android - 从另一个活动更新多个按钮的 settext