即使我输入正确的密码，为什么我总是被重定向到登录页面？

Posted 2021-03-31

输入正确的凭据后，我总是一次又一次地重定向到login.php。当我输入写密码时，我需要被重定向到insert_package.php。当我进入

本地主机/ myproject的/ insert_package.php

在URL中，它会自动将我重定向到登录页面，但是输入写入密码不允许我输入insert_package.php。

码

的login.php

<?php
// Include config file
require_once '../config.php';

// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Check if username is empty
    if(empty(trim($_POST["username"]))){
        $username_err = 'Please enter username.';
    } else{
        $username = trim($_POST["username"]);
    }

    // Check if password is empty
    if(empty(trim($_POST['password']))){
        $password_err = 'Please enter your password.';
    } else{
        $password = trim($_POST['password']);
    }

    // Validate credentials
    if(empty($username_err) && empty($password_err)){
        // Prepare a select statement
        $sql = "SELECT username, password FROM users WHERE username = ?";

        if($stmt = mysqli_prepare($conn, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);

            // Set parameters
            $param_username = $username;

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Store result
                mysqli_stmt_store_result($stmt);

                // Check if username exists, if yes then verify password
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $username, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            /* Password is correct, so start a new session and
                            save the username to the session */
                            session_start();
                            $_SESSION['username'] = $username;      
                            header("location: insert_package.php");
                        } else{
                            // Display an error message if password is not valid
                            $password_err = 'The password you entered was not valid.';
                        }
                    }
                } else{
                    // Display an error message if username doesn't exist
                    $username_err = 'No account found with that username.';
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
        }

        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Close connection
    mysqli_close($conn);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; }
        .wrapper{ width: 350px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Login</h2>
        <p>Please fill in your credentials to login.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
                <label>Username</label>
                <input type="text" name="username"class="form-control" value="<?php echo $username; ?>">
                <span class="help-block"><?php echo $username_err; ?></span>
            </div>    
            <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                <label>Password</label>
                <input type="password" name="password" class="form-control">
                <span class="help-block"><?php echo $password_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Login">
            </div>
            <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
        </form>
    </div>    
</body>
</html>

insert_package.php

<?php
// Initialize the session
session_start();

// If session variable is not set it will redirect to login page
if(!isset($_SESSION['username']) || empty($_SESSION['username'])){
  header("location: login.php");
  exit;
}
?>

<?php   
include('sidebar.php');?>
<html>
<head>
<title  >INSERT PACKAGE</title>

</head>
<body>
<br />

<table cellpadding="50" border='1' align="center">
<form action="insert.php" method="post" name="file" enctype="multipart/form-data" autocomplete="off" ><br />

<tr>
    <td>Package Name</td>
    <td><input type="text" name="pname"  /></td>
</tr>

<tr>
    <td>Image</td>
    <td><input type="file" name="fimage"  /></td>
</tr>


<tr>
    <td >
    <input type="submit" name="submit" value="INSERT"  />
    <input type="submit" name="submit2" value="VIEW"  />


    <input type="submit" name="submit3" value="DELETE"  /></td>

</tr>
</form>

</body>
</html>

答案

数据库中的哈希密码与密码不匹配。你应该做这样的事情

Register.php

// Hash a new password for storing in the database.
function saveUser($username, $password) {
    $hashPassword = password_hash($password, PASSWORD_BCRYPT);
    // save $username and $hashPassword to db with insert into...
}

的login.php

if(password_verify($password, $hashed_password)){
     session_start();
     $_SESSION['username'] = $username;      
     header("location: insert_package.php");
}