时间戳

首页 > 解决方案 > 如何将哈希密码验证更改为普通密码?

php - 如何将哈希密码验证更改为普通密码?

问题描述

我正在建立一个带有注册和登录表格的新网站。作为一个初学者,我主要使用我在网上和书中找到的部分代码。我已经完成了注册表,它运行良好,但现在我的登录表单有问题,因为我能找到的所有代码都是基于散列密码的,而我必须构建的登录表单不需要它。您能否帮助将我现在拥有的脚本转换为无需任何密码即可工作的脚本(而不是密码,它只需要一个未散列的 6 位数字)。

我尝试了 check_login,但它没有用。

     $sql = "SELECT id, email, pin FROM users WHERE email = ?";

    if($stmt = $mysqli->prepare($sql)){
        // Bind variables to the prepared statement as parameters
        $stmt->bind_param("s", $param_email);

        // Set parameters
        $param_email = $email;

        // Attempt to execute the prepared statement
        if($stmt->execute()){
            // Store result
            $stmt->store_result();

            // Check if username exists, if yes then verify password
            if($stmt->num_rows == 1){                    
                // Bind result variables
                $stmt->bind_result($id, $username, $numerpin);
                if($stmt->fetch()){
                   if($stmt->num_rows == 1){
                        // Password is correct, so start a new session
                        session_start();

                        // Store data in session variables
                        $_SESSION["loggedin"] = true;
                        $_SESSION["id"] = $id;
                        $_SESSION["email"] = $email;                            

                        // Redirect user to welcome page
                        header("location: dashboard.php");
                    } else{
                        // Display an error message if password is not valid
                        $numerpin_err = "The password you entered was not valid.";
                    }
                }
            } else{
                // Display an error message if username doesn't exist
                $email_err = "No account found with that username.";
            }
        } else{
            echo "Oops! Something went wrong. Please try again later.";
        }
    }

标签: phpauthenticationhash

解决方案

你有这个查询:

"SELECT id, email, pin FROM users WHERE email = ?"

您正在检查电子邮件是否正确。你可以把它改成

"SELECT id, email, pin FROM users WHERE email = ? and pin = ?"

当然,传球也是如此。此外,您的错误信息具有误导性:

               if($stmt->num_rows == 1){
                    // Password is correct, so start a new session
                    session_start();

                    // Store data in session variables
                    $_SESSION["loggedin"] = true;
                    $_SESSION["id"] = $id;
                    $_SESSION["email"] = $email;                            

                    // Redirect user to welcome page
                    header("location: dashboard.php");
                } else{
                    // Display an error message if password is not valid
                    $numerpin_err = "The password you entered was not valid.";
                }

如果有多个记录具有相同的电子邮件怎么办?在这种情况下,它会说密码不正确,而不检查其实际值。通过电子邮件和 pin 获取记录、循环结果并在找到匹配项时创建会话会更可靠。如果没有匹配,则错误。

推荐阅读