问题
This code always returns wrong username and password though its right and same function works for my admin login system. It worked some time ago, and now it won't.
function login($user,$pass,$accountType){
require('connection.php');
$result=mysqli_query($con,"select * From $accountType");
$regex="/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/";
if(preg_match($regex, $user)){
if(mysqli_num_rows($result)>0){
while($row=mysqli_fetch_assoc($result)){
$username=$row['username'];
$password=$row['password'];
if($user==$username){
if (password_verify($pass,$password)){
if($accountType=='student'){
$_SESSION['student']='$user';
header('Location:studentprofile.php');
exit();
}
elseif($accountType=='teacher'){
$_SESSION['student']='$user';
header('Location:teacherprofile.php');
exit();
}
elseif($accountType=='admin'){
header('Location:admin.html');
exit();
}
}
else
{
$_SESSION['error']="wrong password"."<br>";
}
}
else{
$_SESSION['error']="Wrong username "."<br>";
}
}
}
else{
$_SESSION['error']="No data found";
}
}
else{
$_SESSION['error']="not a valid email,";
}
}
回答1:
From comments "i have specified varchar(20) for storing password in the database"
The password field should be large. The password_hash() can generate some very lengthy text (the current default is 60 characters), so making the field larger, such as varchar(254) or text will allow for the length needed. The PHP team is adding more algorithms to the method which means the hash can and will grow. We also do not want to limit our user's ability to use the password or passphrase of their choice. It's best to leave room for the change
来源:https://stackoverflow.com/questions/52314752/my-login-function-is-unable-to-match-username-and-password-stored-in-the-databas