问题描述
我总结了这是我的登录功能代码,我使用的是 CodeIgniter 框架。我试图让用户使用他们的电子邮件和密码登录。我正在尝试使用 bcrypt 哈希密码登录,但我的编码肯定有问题,因为它没有记录并且一直显示无效。
public function login()
{
if ($this->session->userdata('logged_in') == 1
&& in_array($this->session->userdata('user_type'),['Admin','Member']) {
redirect('dashboard','location');
}
$this->form_validation->set_rules('username','Username','trim|required');
$this->form_validation->set_rules('password','Password','trim|required');
if ($this->form_validation->run() == false) {
$this->login_page();
} else {
$this->csrf_token_check();
$username = ($this->input->post('username',true));
$password = ($this->input->post('password',true));
$table = 'users';
if($this->config->item('master_password') != '') {
if ($_POST['password']) {
$where['where'] = array('email' => $username); //master password
} else {
$where['where'] = array('email' => $username,'password' => $password);
}
} else {
$where['where'] = array('email' => $username,'password' => $password);
}
$info = $this->basic->get_data($table,$where,$select = '',$join = '',$limit = '',$start = '',$order_by = '',$group_by = '',$num_rows = 1);
$count = $info['extra_index']['num_rows'];
if ($count == 0) {
$this->session->set_flashdata('login_msg',$this->lang->line("invalid email or password"));
redirect(uri_string());
} else {
$username = $info[0]['name'];
if ($logo=="") {
$logo=base_url("assets/img/avatar/avatar-1.png");
} else {
$logo=base_url().'member/'.$logo;
}
$this->session->set_userdata('logged_in',1);
$this->session->set_userdata('username',$username);
$this->basic->insert_data('user_login_info',$login_info_insert_data);
$this->basic->update_data("users",array("id"=>$user_id),array("last_login_at"=>date("Y-m-d H:i:s"),'last_login_ip'=>$login_ip)); if(function_exists('fb_app_set'))fb_app_set();
if ($this->session->userdata('logged_in') == 1
&& in_array($this->session->userdata('user_type'),'Member']) {
redirect('dashboard','location');
}
}
}
}
解决方法
这个答案是针对 CI3 的,因为你没有提到版本。
首先,我认为您将 $username 用于 DB 中的 email 字段很奇怪。您可以更正您的命名约定。
我认为这段代码一定给你带来了问题
if($this->config->item('master_password') != '')
{
if(($_POST['password']))
$where['where'] = array('email' => $username); //master password
else $where['where'] = array('email' => $username,'password' => $password);
}
else $where['where'] = array('email' => $username,'password' => $password);
如果您在 CI 中直接使用上述 $where 作为 $this->db->where($where),您的代码应该是
if($this->config->item('master_password') != '')
{
if(($_POST['password']))
$where = array('email' => $username); //master password
else $where = array('email' => $username,'password' => $password);
}
else $where = array('email' => $username,'password' => $password);
注意,我从 where 数组中删除了 $where 键。
此外,如果您使用 bcrypt 在 db 中存储密码,则必须先获取行,然后像这样比较密码:
$where = array('email' => $username);
$info = $this->basic->get_data($table,$where,$select = '',$join = '',$limit = '',$start = '',$order_by = '',$group_by = '',$num_rows = 1);
if ($this->bcrypt->check_password($password,$info[0]['password'])) {
//We're good,login to the system
} else {
//Wrong password
}
我认为,您的其他代码(如 $this->basic->get_data 函数)也应该进行审查。要调试,请尝试将 var_dump($info[0]); 放在此函数之后,您将知道是否有该行。
此外,您可以使用 $str = $this->db->last_query(); 打印出上次运行的查询。