我正在学习如何使用预处理语句,我想我会尝试使用password_hash()和password_verify()函数登录系统(简单).我已成功使用准备好的状态数据库插入数据,现在我希望验证密码并对用户执行某些操作.
我似乎在这个阶段收回了我的失败信息:
$stmt = $conn->prepare("SELECT username, password FROM users WHERE username = ?");
$stmt->bind_param('s', $username);
$username = $_POST['ulogin'];
$password = $_POST['upassword'];
$stmt->execute();
$stmt->bind_result($username, $password);
$row = $stmt->fetch();
if ($stmt->num_rows == 1) {
if (password_verify($password, $row['user_password'])) {
echo 'success';
}
} else {
echo "Wrong data";
}
$stmt->close();
$conn->close();
如果我这样做var_dump($stmt->fetch());并且登录用户名是正确的,则返回为bool(true)
我不知道如何尝试验证密码.
<?php
$stmt = $conn->prepare("SELECT username, password FROM users WHERE username = ?");
$stmt->bind_param('s', $username);
$username = $_POST['ulogin'];
$password = $_POST['upassword'];
$stmt->execute();
$stmt->bind_result($username, $password);
$row = $stmt->fetch(); //fetch DB results
if (!empty($row)) { // checks if the user actually exists(true/false returned)
if (password_verify($_POST['upassword'], $row['password'])) {
echo 'success'; // password_verify success!
} else {
echo 'failed';
}
} else {
echo "This user does not exist"; //email entered does not match any in DB
}
$stmt->close();
$conn->close();
您无需检查行数.如果由于任何原因未验证密码,也要有else语句
| 归档时间: |
|
| 查看次数: |
2447 次 |
| 最近记录: |