【发布时间】:2018-05-11 12:03:30
【问题描述】:
我有一个带有“用户”表的数据库。在用户表中,我有以下列:"user_id","user_first","user_last","user_email","user_phone","user_uid","user_password"。
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = $_POST['uid'];
$pwd = $_POST['password'];
if(empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
try {
$sql = "SELECT * FROM users";
$result = $conn->prepare(
$sql . "WHERE user_uid = ?"
);
$result->bindParam( 1, $uid, PDO::PARAM_STR );
$result->execute();
} catch (Exception $e) {
echo"Bad Query";
}
$resultCheck = $result->rowCount();
if ($resultCheck < 1 ) {
header("Location: ../index.php?login_not_good");
exit();
} else {
$row = $result->fetch(PDO::FETCH_ASSOC);
if($row) {
//De-hashing the password
$hashedPwdCheck = password_verify($pwd,$row['user_password']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
//Log in the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=login_success");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
问题是当我尝试使用已在 sql 数据库中创建的 uid 和密码登录时,它返回:“../index.php?login_not_good”。我该怎么办?
【问题讨论】:
-
password_verify() 结果是否与密码相同
-
它会产生任何错误吗?你在 WHERE 之前需要一个空格。 $sql 。 “在哪里 user_uid = ?”或在用户 $sql = "SELECT * FROM users "; 之后
-
检查
user_uid是否存在到您的数据库中, -
$sql 。 "****SPACE****WHERE user_uid = ?"
-
为您的表发布创建语句