dtuzjzs3853 2016-09-29 13:40
浏览 90

AngularJS PHP MYSQL用户登录

I am working on a web application that requires the user to login in order to have access to the content. I am new to PHP, so I am trying to figure out if there is something wrong with my code when I try to retrieve the information from the database. 

<?php 

include('./connection.php');
$loginInfo = json_decode(file_get_contents('php://input'));
$username = $loginInfo->username;
$password = password_hash($loginInfo->password, PASSWORD_DEFAULT);

$q = $db->prepare("SELECT * FROM userauth WHERE username=:username AND password=:password");
$q->bindParam(':username', $username, PDO::PARAM_STR);
$q->bindParam(':password', $password, PDO::PARAM_STR);
$q->execute();

$userRow=$q->fetch(PDO::FETCH_ASSOC);

if($userRow == true){
    print 'success';
}else{
    print 'error';
}

?>

Here is the Service for the Angular:

'use strict';

app.factory('loginSrv', function($http,$location){
return{
    login:function(loginInfo, scope){
        var $promise = $http.post('../app_back_end/app_endpoints/login.php', loginInfo);
        $promise.then(function(msg){
            if(msg.data == 'success'){
                console.log('success login');
                $location.path('/profile');
            }
            else {
                console.log('error login');
                scope.msgtxt = 'Want to try again? :)';
            }
        });
    }
}
});
  • 写回答

1条回答 默认 最新

  • dongyi2889 2016-09-29 13:46
    关注

    password_hash() will not generate the same result twice from the same input.

    So even if the entered password is the same as was entered originally when you re hash it, you wont get the same hash.

    This is what password_verify() was invented for, so do your search using just the username and then use password_verify() to check passwords are the same.

    <?php 

include('./connection.php');
$loginInfo = json_decode(file_get_contents('php://input'));
$username = $loginInfo->username;


$q = $db->prepare("SELECT * FROM userauth WHERE username=:username");
$q->bindParam(':username', $username, PDO::PARAM_STR);
$q->execute();

$userRow=$q->fetch(PDO::FETCH_ASSOC);

if(password_verify($loginInfo->password , $userRow['password'])){
    print 'success';
}else{
    print 'error';
}
?>
    评论

报告相同问题?

悬赏问题

  • ¥15 keil的map文件中Image component sizes各项意思
  • ¥30 BC260Y用MQTT向阿里云发布主题消息一直错误
  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据
  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 Centos / PETGEM
  • ¥15 划分vlan后不通了
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)