当我能够使用MD5哈希用户密码时,我正在构建一个应用程序。对于插入,它可以正常工作,但是当我进行身份验证时,它告诉我密码错误
require_once('connect.php');
$data = json_decode(file_get_contents("php://input"));
$email = ($data->email);
$password = ($data->password);
$row = $conn->query("
SELECT *
FROM user
WHERE email='".$email."'
AND password='".md5.$password."'
");
$row->setFetchMode(PDO::FETCH_ASSOC);
$userdetails = $row->fetchAll();
$user = $row->rowCount();
$error_message=array("message"=>("wrong"));
if ($user == 0) {
echo json_encode($error_message);
} else {
session_start();
$_SESSION['user']=$userdetails;
echo json_encode($userdetails);
}
更改
$row = $conn->query("SELECT * from user where email='".$email."' and password='".md5.$password."'");
至
$row = $conn->query("SELECT * from user where email='".$email."' and password='".md5($password)."'");
注意:您应该使用准备好的语句,也不要使用md5()use password_hash()和password_verify()
然后,您将在注册页面中拥有。
$hash = password_hash($password,password_default); // store this hash
然后是您的登录页面。
$stmt = $conn->query("SELECT * from user where email= ? ");
$stmt->execute(array($email));
$row = $stmt->fetch();
if(password_verify($password,$row['passwordFromDB'])){
session_start();
$_SESSION['user']=$userdetails;
//return what needs to be returned
}else{
$error_message=array("message"=>("wrong"));
echo json_encode($error_message);
}
注意:请确保您的数据库列的长度为60+