geçerli değil şifreyi gösteren php giriş hash_password tutmak

oy
-1

i giriş için karma şifreyi kullanmak çalışıyorum ama şifre geçerli olmadığını bana bir hata veren tutar. i şifre benim veritabanında sahip biri olarak aynıdır kontrol etmek yankı var dökümü kullandı. i çözümü aramış ve kullanımı gerçek kaçış dize yerine Döşeme ama hala sorunları çözmez için diyor. Emin i yanlış yapıyorum gibi değil.

login.php

<?php
// Initialize the session
session_start();

// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION[loggedin]) && $_SESSION[loggedin] === true){
    header(location: welcome.php);
    exit;
}

// Include db file
require_once db.php;

// Define variables and initialize with empty values
$username = $password = ;
$username_err = $password_err = ;

// Processing form data when form is submitted
if($_SERVER[REQUEST_METHOD] == POST){

    // Check if username is empty
    if(empty(trim($_POST[username]))){
        $username_err = Please enter username.;
    } else{
        $username = trim($_POST[username]);
    }

    // Check if password is empty
    if(empty(trim($_POST[password]))){
        $password_err = Please enter your password.;
    } else{
        $password = trim($_POST[password]);
    }

    // Validate credentials
    if(empty($username_err) && empty($password_err)){
        // Prepare a select statement
        $sql = SELECT id, username, password FROM users WHERE username = ?;

        if($stmt = mysqli_prepare($db, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, s, $param_username);

            // Set parameters
            $param_username = $username;
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Store result
                mysqli_stmt_store_result($stmt);

                // Check if username exists, if yes then verify password
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            // Password is correct, so start a new session
                            session_start();

                            // Store data in session variables
                            $_SESSION[loggedin] = true;
                            $_SESSION[id] = $id;
                            $_SESSION[username] = $username;                            

                            // Redirect user to welcome page
                            header(location: welcome.php);
                        } else{
                            // Display an error message if password is not valid
                            $password_err = The password you entered was not valid.;
                        }
                    }
                } else{
                    // Display an error message if username doesn't exist
                    $username_err = No account found with that username.;
                }
            } else{
                echo Oops! Something went wrong. Please try again later.;
            }
        }


        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Close connection
    mysqli_close($db);
}
?>

add.php

<?php
// Include db file
require_once db.php;

// Define variables and initialize with empty values
$username = $password = $confirm_password = ;
$username_err = $password_err = $confirm_password_err = ;

// Processing form data when form is submitted
if($_SERVER[REQUEST_METHOD] == POST){

    // Validate username
    if(empty(trim($_POST[username]))){
        $username_err = Please enter a username.;
    } else{
        // Prepare a select statement
        $sql = SELECT id FROM users WHERE username = ?;

        if($stmt = mysqli_prepare($db, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, s, $param_username);

            // Set parameters
            $param_username = trim($_POST[username]);

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                /* store result */
                mysqli_stmt_store_result($stmt);

                if(mysqli_stmt_num_rows($stmt) == 1){
                    $username_err = This username is already taken.;
                } else{
                    $username = trim($_POST[username]);
                }
            } else{
                echo Oops! Something went wrong. Please try again later.;
            }
        }

        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Validate password
    if(strlen(trim($_POST[password])) < 6){
        $password_err = Password must have atleast 6 characters.;
    } else{
        $password = trim($_POST[password]);
    }

    // Check input errors before inserting in database
    if ( !empty($_POST['username']) && !empty($_POST['password'])
    && !empty($_POST['firstname']) && !empty($_POST['surname']) 
    && !empty($_POST['addressline']) && !empty($_POST['addressline2'])
    && !empty($_POST['city']) && !empty($_POST['telephone']) 
    && !empty($_POST['mobile'])) {

        // Prepare an insert statement
        $sql= INSERT INTO users (username, password, firstname, surname, addressline, addressline2,
        city, telephone, mobile)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);
        $f = mysqli_real_escape_string($db, $_POST['firstname']);
        $s = mysqli_real_escape_string($db, $_POST['surname']);
        $a = mysqli_real_escape_string($db, $_POST['addressline']);
        $aa = mysqli_real_escape_string($db, $_POST['addressline2']);
        $c = mysqli_real_escape_string($db, $_POST['city']);
        $t = mysqli_real_escape_string($db, $_POST['telephone']);
        $m = mysqli_real_escape_string($db, $_POST['mobile']);

        if($stmt = mysqli_prepare($db, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, sssssssss, $param_username, $param_password, $f, $s, $a, $aa, $c, $t, $m);

            // Set parameters
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Redirect to log page
                header(location: login.php);
                $message = Account created successfully! Click OK to proceed to login page.;
                echo <script type='text/javascript'>alert('$message');</script>;
            } else{
                echo Something went wrong. Please try again later.;
            }
        }

        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Close connection
    mysqli_close($db);
}
?>

Oluştur 03/12/2019 saat 00:05
kaynak kullanıcı
Diğer dillerde...                            


1 cevaplar

geçerli değil şifreyi gösteren php giriş hash_password tutmak

oy
-1

i giriş için karma şifreyi kullanmak çalışıyorum ama şifre geçerli olmadığını bana bir hata veren tutar. i şifre benim veritabanında sahip biri olarak aynıdır kontrol etmek yankı var dökümü kullandı. i çözümü aramış ve kullanımı gerçek kaçış dize yerine Döşeme ama hala sorunları çözmez için diyor. Emin i yanlış yapıyorum gibi değil.

login.php

<?php
// Initialize the session
session_start();

// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
    header("location: welcome.php");
    exit;
}

// Include db file
require_once "db.php";

// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Check if username is empty
    if(empty(trim($_POST["username"]))){
        $username_err = "Please enter username.";
    } else{
        $username = trim($_POST["username"]);
    }

    // Check if password is empty
    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter your password.";
    } else{
        $password = trim($_POST["password"]);
    }

    // Validate credentials
    if(empty($username_err) && empty($password_err)){
        // Prepare a select statement
        $sql = "SELECT id, username, password FROM users WHERE username = ?";

        if($stmt = mysqli_prepare($db, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);

            // Set parameters
            $param_username = $username;
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Store result
                mysqli_stmt_store_result($stmt);

                // Check if username exists, if yes then verify password
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            // Password is correct, so start a new session
                            session_start();

                            // Store data in session variables
                            $_SESSION["loggedin"] = true;
                            $_SESSION["id"] = $id;
                            $_SESSION["username"] = $username;                            

                            // Redirect user to welcome page
                            header("location: welcome.php");
                        } else{
                            // Display an error message if password is not valid
                            $password_err = "The password you entered was not valid.";
                        }
                    }
                } else{
                    // Display an error message if username doesn't exist
                    $username_err = "No account found with that username.";
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
        }


        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Close connection
    mysqli_close($db);
}
?>

add.php

<?php
// Include db file
require_once "db.php";

// Define variables and initialize with empty values
$username = $password = $confirm_password = "";
$username_err = $password_err = $confirm_password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate username
    if(empty(trim($_POST["username"]))){
        $username_err = "Please enter a username.";
    } else{
        // Prepare a select statement
        $sql = "SELECT id FROM users WHERE username = ?";

        if($stmt = mysqli_prepare($db, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);

            // Set parameters
            $param_username = trim($_POST["username"]);

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                /* store result */
                mysqli_stmt_store_result($stmt);

                if(mysqli_stmt_num_rows($stmt) == 1){
                    $username_err = "This username is already taken.";
                } else{
                    $username = trim($_POST["username"]);
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
        }

        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Validate password
    if(strlen(trim($_POST["password"])) < 6){
        $password_err = "Password must have atleast 6 characters.";
    } else{
        $password = trim($_POST["password"]);
    }

    // Check input errors before inserting in database
    if ( !empty($_POST['username']) && !empty($_POST['password'])
    && !empty($_POST['firstname']) && !empty($_POST['surname']) 
    && !empty($_POST['addressline']) && !empty($_POST['addressline2'])
    && !empty($_POST['city']) && !empty($_POST['telephone']) 
    && !empty($_POST['mobile'])) {

        // Prepare an insert statement
        $sql= "INSERT INTO users (username, password, firstname, surname, addressline, addressline2,
        city, telephone, mobile)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
        $f = mysqli_real_escape_string($db, $_POST['firstname']);
        $s = mysqli_real_escape_string($db, $_POST['surname']);
        $a = mysqli_real_escape_string($db, $_POST['addressline']);
        $aa = mysqli_real_escape_string($db, $_POST['addressline2']);
        $c = mysqli_real_escape_string($db, $_POST['city']);
        $t = mysqli_real_escape_string($db, $_POST['telephone']);
        $m = mysqli_real_escape_string($db, $_POST['mobile']);

        if($stmt = mysqli_prepare($db, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "sssssssss", $param_username, $param_password, $f, $s, $a, $aa, $c, $t, $m);

            // Set parameters
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Redirect to log page
                header("location: login.php");
                $message = "Account created successfully! Click OK to proceed to login page.";
                echo "<script type='text/javascript'>alert('$message');</script>";
            } else{
                echo "Something went wrong. Please try again later.";
            }
        }

        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Close connection
    mysqli_close($db);
}
?>

Cevap 03/12/2019 saat 00:05
kaynak kullanıcı

Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more