dtp0760 2017-01-23 22:01
浏览 70
已采纳

我的PHP登录表单一直说错密码

my login form look like this:

<form class="form-signin" method="post" id="login-form">
            <div id="img_container" class="imgcontainer">
                <img src="../images/img_avatar2.png" alt="Avatar" class="avatar">
            </div>
             <?php
  if(isset($msg)){
   echo $msg;
  }
  ?>
                <div id="container" class="container">
                    <label><b>Navn</b></label>
                        <input type="text" placeholder="Enter E-mail" name="email" required>

                    <label><b>Password</b></label>
                        <input type="password" placeholder="Enter Password" name="psw" required>

                    <button type="submit" name="btn-login" id="btn-login">Login!</button>
                    <input type="checkbox" checked="checked"> Rember me
                    <span class="psw"><a href="#">Forgot your passowrd?</a></span>
                </div>
            </form>

and my connection to the database look like this:

<?php
session_start();
require_once '../db/dbconnect.php';


if (isset($_POST['btn-login'])) {

 $email = strip_tags($_POST['email']);
 $password = strip_tags($_POST['psw']);

 $email = $DBcon->real_escape_string($email);
 $password = $DBcon->real_escape_string($password);

 $query = $DBcon->query("SELECT user_id, email, psw FROM Users WHERE email='$email'");
 $row=$query->fetch_array();

 $count = $query->num_rows; // if email/password are correct returns must be 1 row

 if (password_verify($password, $row['psw']) && $count==1) {
  $_SESSION['userSession'] = $row['user_id'];
  header("Location: student.php");
 } else {
  $msg = "<div class='alert alert-danger'>
     <span class='glyphicon glyphicon-info-sign'></span> &nbsp; Invalid E-mail or Password !
    </div>";
 }
 $DBcon->close();
}
?>

My connection to the database is fine, but the error "Invalid E-mail or Password !" keeps appearing, but i have testet what the input is the right data.

is it because my password in the database hashed? or do i just have a stupid mistake?

EDIT 1:

This is what i do before the hashing of the password under user creation. I this works fine, i dont have any error in making the user, it is under the login the error is appearing

 $uname = strip_tags($_POST['uname']);
 $upass = strip_tags($_POST['psw']);
 $phone = strip_tags($_POST['mobil']);
 $email = strip_tags($_POST['email']);
 $lat = strip_tags($_POST['lat']);
 $long = strip_tags($_POST['long']);
 $role = strip_tags($_POST['role']);

 $uname = $DBcon->real_escape_string($uname);
 $upass = $DBcon->real_escape_string($upass);
 $phone = $DBcon->real_escape_string($phone);
 $email = $DBcon->real_escape_string($email);
 $lat = $DBcon->real_escape_string($lat);
 $long = $DBcon->real_escape_string($long);
 $role = $DBcon->real_escape_string($role);
  • 写回答

2条回答 默认 最新

  • dtz33344 2017-01-23 22:38
    关注

    From Proper Password Preparation with PHP

    The password_hash() function can generate some very lengthy text (the current default is 60 characters), so making the field as large as possible now will allow for the length needed. Secondly the PHP team is adding more algorithms to the method which means the hash can and will grow. We also do not want to limit our user's ability to use the password or passphrase of their choice. It's best to leave room for the changes.

    In addition: Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 win11家庭中文版安装docker遇到Hyper-V启用失败解决办法整理
  • ¥15 gradio的web端页面格式不对的问题
  • ¥15 求大家看看Nonce如何配置
  • ¥15 Matlab怎么求解含参的二重积分?
  • ¥15 苹果手机突然连不上wifi了?
  • ¥15 cgictest.cgi文件无法访问
  • ¥20 删除和修改功能无法调用
  • ¥15 kafka topic 所有分副本数修改
  • ¥15 小程序中fit格式等运动数据文件怎样实现可视化?(包含心率信息))
  • ¥15 如何利用mmdetection3d中的get_flops.py文件计算fcos3d方法的flops?