2013-09-26 17:49

PHP PDO登录脚本不起作用。 包含错误


I´m not very familiar with security, therefore I rely on what I find on the internet. I found a site of someone who explains a bit what he does and how his method works. People may copy-paste it to ease things up. Though I do understand quite a lot, I couldn't come up with it myself (I'm pretty new to PHP/XHTML, etc.)

The website: How to store safely with PHP and MySQL

He uses PDO in his tutorial. And I am able to store the information in the database. But when I try to use the script in which he provides the code for actually logging in, though it seems it contains errors.

I've worked everything out and everything works fine, but the comparison of the hashed password with the inserted password (with the hash, etc.) does not work properly.

What is going on here?

Thanks in advance!


People have been asking for the code so, here it is:


  // Setting up a connection
  $MyConnection = new PDO('mysql:host=*;dbname=*', $dbuser, $pass);

  // Retrieving information from form.
  $username = $_POST['username'];
  $password = $_POST['password'];

  $sth = $MyConnection->prepare("SELECT * FROM AMP_Users WHERE Username = :username LIMIT 1");
  $sth->bindParam(':username', $username);

  $user = $sth->fetch(PDO::FETCH_OBJ);

  // Hashing the password with its hash as the salt returns the same hash
  if (crypt($password, $user->hash) == $user->hash) {
    echo 'You are now logged in. If we actually used sessions this time.';

I will add a $_SESSION['name'] = $username, once the code starts to work. Until now I simply echo out if it worked out or not. And it doesn't show anything, so it doesn't work.


Just as a quick update, the script provided by me, is the WHOLE script. Nothing is let out. (Except names of databases, etc.) Therefore I wonder if the problem may be that I don't use the hashing script of the saving the passwords into the database. Though I have put it in, it still doesn't respond. Am I still doing something wrong?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • douyan6548 douyan6548 8年前
         $name = $_POST['username'];
         $pass = crypt($_POST['password'], '$2a$07$Hd893nD39Jdjd48Jdh3nD$');
         $conn = new PDO('mysql:host=*; dbname=*', 'root', '');
         $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
         $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);    
         $stmt  = $conn->prepare('SELECT * FROM user WHERE name = ? AND password = ?');
         $stmt->execute(array($name, $pass));
         if($stmt->rowCount() === 0){
             echo 'Your Username / Password is incorrect. Please try again';
             echo 'login success';
    点赞 评论 复制链接分享
  • douxugu5836 douxugu5836 8年前

    I modified it to run in mysqli and it works fine:

                $getAuth=$dbConAU->prepare("SELECT Password FROM Users WHERE UserName=? LIMIT 1");
                if (crypt($Password, $hash) == $hash) {
                    return "OK";
                    else { return "Not OK"; }
    点赞 评论 复制链接分享
  • drbouzlxb92333332 drbouzlxb92333332 8年前

    Maybe you have to check the length of the field that you store the password on the database... If the length is small then the hashed password will not stored as whole.. you will store a part of it!

    点赞 评论 复制链接分享
  • douhutongvm382381 douhutongvm382381 7年前

    I know this thread is a few months old but someone might find this SunnyTuts php pdo login and registration tutorial

    tutorial helpful. I found both this thread and the tutorial while looking for a secure way to allow users to login. Being new to php and web design I found it a small bit hard to follow but I'm sure it will seem like a piece of cake to some of you....

    点赞 评论 复制链接分享