PHP password_verify() 似乎不起作用
[英]PHP password_verify() doesn't seem to work
问题描述
I have been going through the password_hash() and password_verify() methods in PHP and I've been trying to include that in my code.
我一直在研究 PHP 中的password_hash()和password_verify()方法,并且我一直试图将其包含在我的代码中。 I can't seem to get it to work, I've gone through series of googling and even some of the questions here on SO but they don't seem to resolve the issue.我似乎无法让它工作,我已经经历了一系列的谷歌搜索,甚至还有一些关于 SO 的问题,但他们似乎没有解决这个问题。
My column length in the database is 255. When I try to run the code, I get the $loginerror message.我在数据库中的列长度是 255。当我尝试运行代码时,我收到$loginerror消息。 Here's my code block.这是我的代码块。 Please what am I doing wrong.请问我做错了什么。
$signin_email=$_POST['signin_email'];
$signin_password=$_POST['signin_password'];
if($valid){
require_once 'scripts/connect_to_mysql.php';
$sql = "SELECT First_name, Last_name,Password FROM customer WHERE Email=? AND Password=? LIMIT 1";
$stmt=$conn->prepare($sql);//preparing the statement
if(!$stmt){
echo "Unable to prepare: ".$conn->errno. " " .$conn->error;
}
//executing the statement
//$date=date('d m Y h:i:s');
if(!$stmt->bind_param('ss', $signin_email, $signin_password)){//bind parameters to sql statement. i=integer, s=string, b=blob, d=double
echo "Binding parameters failed: ".$stmt->errno. " " . $stmt->error;
}
if(!$stmt->execute()){//executing the statement
echo "Statement Execution failed: ". $stmt->error;
}
if(!$stmt->bind_result($dbfirstname,$dblastname,$dbpassword)){// used to bind variables to a prepared statement for result storage
echo "Unable to bind results to variables: ".$stmt->error;
}
$stmt->store_result();
//echo $stmt->num_rows;
echo $dbpassword;
if(password_verify($signin_password, $dbpassword)){
if($stmt->num_rows===1){//to check if username and password actually exists
while($row=$stmt->fetch()){
$user=$dbfirstname. " ". $dblastname;
echo $user;
}
/*$_SESSION['user']=$user;
header('location:logintest.php');
exit();*/
}
}
else{
//$error="Invalid Email address/Password. Please try again";
$loginerror= "Invalid Email address/Password. Please try again";
}
$stmt->close();//closing the prepared statement
$conn->close();//closing the connection
}
2 个解决方案
解决方案1
1 2014-04-16 11:13:30
Problem does not lie in password_verify but in way that you build your query:问题不在于password_verify而在于您构建查询的方式:
`$sql ="SELECT First_name, Last_name,Password FROM customer WHERE Email=? AND Password=? LIMIT 1";
You bind $signin_password to that query and it contains not hashed value from $_POST .您将$signin_password绑定到该查询,它不包含来自$_POST散列值。
There are 2 solutions:有2种解决方案:
1) remove AND Password=? 1) 删除AND Password=? from your query - you will check your password with password_verify从您的查询中 - 您将使用password_verify检查您的password_verify
2) change $signin_password to: 2) 将$signin_password更改为:
$signin_password=password_hash($_POST['signin_password']);
(but this way using password_verify is kind of irrelevant. (但这种使用 password_verify 的方式是无关紧要的。
解决方案2
-1 2014-04-16 11:15:20
$signin_password=$_POST['signin_password'];
$hash = password_hash($dbpassword, PASSWORD_DEFAULT);
if (password_verify($signin_password, $hash))
{
echo 'Password is valid!';
}
else
{
echo 'Invalid password.';
}
Try with this :) Better option is just build your own query.试试这个:) 更好的选择是构建你自己的查询。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.