dongyakui8675 2018-08-26 14:16
浏览 50
已采纳

创建PHP / MySQL应用程序 - 所有登录尝试都失败

I'm creating a web application with PHP and MySQL. I have a register/login page set up. I have registered several accounts via the application, and I see the message saying the account has been created successfully, but when I attempt to login, it fails with an "Invalid username or password" error message. When I go to PHPMyAdmin, I can see that all the user accounts are present within the users table, and I can see the usernames and their passwords (the latter is in hashed format). So I don't understand why I can't log in.

This is my login form (in index.php):

<!-- login form -->
    <form method="post" action="php/login.php">
      <div class="form-group">
        <input class="form-control" type="text" name="username" placeholder="Username" required>
      </div>

      <div class="form-group">
        <input class="form-control" type="password" name="password" placeholder="Password" required>
      </div>

      <div class="form-group">
        <input class="btn btn-primary" type="submit" name="login" value="Login">
      </div>
    </form>
 <!-- ./login form -->

and this is login.php:

 <?php
  require_once "../functions.php";

  db_connect();

  $sql = "SELECT id, username, password FROM users WHERE username = ?";

  $statement = $conn->prepare($sql);
  $statement->bind_param('s', $_POST['username']);
  $statement->execute();
  $statement->store_result();
  $statement->bind_result($id, $username, $password);
  $statement->fetch();

  if ($statement->execute()) {
    if(password_verify($_POST['password'], $password)) {
      $_SESSION['user_id'] = $id;
      $_SESSION['user_username'] = $username;
      redirect_to("/home.php");
    } else {
      redirect_to("/index.php?login_error=true");
    }
  } else {
    echo "Error: " . $conn->error;
  }
  ?>

This is the code for the error message (in index.php):

<?php if(isset($_GET['login_error'])): ?>
<div class="alert alert-danger">
  <p>Invalid username or password!</p>
</div>

In the Apache access.log, I can see: 127.0.0.1 - - [26/Aug/2018:14:54:07 +0100] "GET /index.php?login_error=true HTTP/1.1" 200 1230 "http://localhost/index.php?registered=true" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"

  • 写回答

2条回答 默认 最新

  • doumou8527 2018-08-26 18:44
    关注

    I managed to find what was causing the problem. When I originally created the users table in the database, I set the maximum number of characters for the password field to 40. I didn't take into consideration that the hashed versions of the passwords are likely to be longer than 40 characters. Once I increased the limit from 40 to a much higher value and created a new account, I was able to log in successfully.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 Arcgis相交分析无法绘制一个或多个图形
  • ¥15 seatunnel-web使用SQL组件时候后台报错,无法找到表格
  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)
  • ¥15 用前端向数据库插入数据,通过debug发现数据能走到后端,但是放行之后就会提示错误
  • ¥30 3天&7天&&15天&销量如何统计同一行
  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?
  • ¥20 关于#单片机#的问题:项目:使用模拟iic与ov2640通讯环境:F407问题:读取的ID号总是0xff,自己调了调发现在读从机数据时,SDA线上并未有信号变化(语言-c语言)