更新时间:2023-11-07 23:42:04
如果您从password_verify获得不正确的错误回复,并且您知道它应该是正确的,确保你将散列变量放在单引号(')中而不是双引号()。
在PHP中任何以$在双引号内作为变量。
I can't figure out why I'm getting out my password incorrect, my signup page is working properly.Everytime I try to login it shows login=incorrect password in my url.I tried to figure ot every possible issue online but nothing helped me.
<?php
session_start();
if(isset($_POST['submit'])){
include_once 'dbt.inc.php';
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
//error handlers
if(empty($username) || empty($password)){
header("Location: ../main_login.php?login=empty");
exit();
}
else{
$sql = "SELECT * FROM users WHERE user_username = '$username'";
$run = mysqli_query($conn, $sql);
$result = mysqli_num_rows($run);
if ($result < 1) {
header("Location: ../main_login.php?login=error");
exit();
}
else{
if ($row = mysqli_fetch_assoc($run)) {
$hashedpasswordcheck = password_verify($password, $row['user_password']);
if ($hashedpasswordcheck == false) {
header("Location: ../main_login.php?login=incorrect password");
exit();
}
elseif($hashedpasswordcheck == true){
//log in user
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_first'] = $row['user_first'];
$_SESSION['user_last'] = $row['user_last'];
$_SESSION['user_email'] = $row['user_email'];
$_SESSION['user_username'] = $row['user_username'];
$_SESSION['user_password'] = $row['user_password'];
header("Location: ../main_login.php?login=success");
exit();
}
}
}
}
}
else{
header("Location: ../main_login.php?login=error");
exit();
}
?>
If you get incorrect false responses from password_verify and you know it should be correct, make sure you are enclosing the hash variable in single quotes (') and not double quotes (").
In PHP anything that starts with a $ inside double quotes as a variable.