无法使php password_verify()正常工作
[英]Can't get php password_verify() to work
问题描述
I'm using php 7 and postgres and I'm failing to get this password hash thing down. 
我正在使用php 7和postgres,但无法将密码哈希值降低。
Here's my user Registration. 这是我的用户注册。 It's outputting passwords to the db similar to "$2y$10$1GWNRZokmwGR1/dxnMRiOuw4/dNh2IzH9O2QvIu5wjlLAX2OZRW5G" which seems to work: 它正在向数据库输出类似于“ $ 2y $ 10 $ 1GWNRZokmwGR1 / dxnMRiOuw4 / dNh2IzH9O2QvIu5wjlLAX2OZRW5G”的密码,该密码似乎可以正常工作:
<?php
include 'core/init.php';
if (empty($_POST) === false) {
$required_fields = array('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email_address', 'phone',
'department', 'group_role');
foreach ($_POST as $key => $value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'Fields marked with asterisk are required';
break 1;
}
}
}
if (empty($errors) === true) {
if (user_exists($_POST['username']) === true) {
$errors[] = 'Sorry, the username \'' . $_POST['username'] . '\' is already taken';
}
if (preg_match("/\\s/", $_POST['username']) == true) {
$errors[] = 'Your useranme must not contain any spaces';
}
if (strlen($_POST['password']) < 14) {
$errors[] = 'Your password must be at least 14 characters';
}
if ($_POST['password'] !== $_POST['confirm_password']) {
$errors[] = 'You passwords do not match';
}
if (filter_var($_POST['email_address'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'A valid email address is required';
}
if (email_exists($_POST['email_address']) === true) {
$errors[] = 'Sorry, this email \'' . $_POST['email_address'] . '\' is already registered';
}
}
if (isset($_GET['success']) && empty($_GET['success'])) {
include 'include/iHead.php';
include 'include/widgets/login.php';
include 'include/widgets/login_report.php';
if (empty($errors) === false) {
?>
<h3>Registration Successful! You will receive an email once your registration is approved. </h3>
<?php
include 'include/widgets/login_rpt.php';
}
} else {
if (empty($_POST) === false && empty($errors) === true) {
$user_req = $_POST['username'];
$password = $_POST['password'];
$hashedPassword = password_hash($password, PASSWORD_DEFAULT)."\n";
$register_data = array(
'username' => $_POST['username'],
'password' => $hashedPassword,
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email_address' => $_POST['email_address'],
'phone' => $_POST['phone'],
'department' => $_POST['department'],
'region' => $_POST['region'],
'group_role' => $_POST['group_role'],
'active' => 0
);
register_user($register_data);
header('Location: register.php?success');
exit();
} else if (empty($errors) === false) {
include 'include/iHead.php';
include 'include/widgets/login.php';
include 'include/widgets/login_report.php';
if (empty($errors) === false) {
?>
<h3>Registration unsuccessful: </h3>
<?php
echo output_errors($errors);
include 'include/widgets/login_rpt.php';
}
}
}
function email_exists($email) {
$email = sanitize($email);
// echo "SELECT COUNT (userid) FROM user_profiles WHERE email_address = '$email'";
return (pg_fetch_result(pg_query("SELECT COUNT (userid) FROM user_profiles WHERE email_address = '$email'"), 0) == 1) ? true : false;
}
?>
And here is my login script: 这是我的登录脚本:
<?php
include 'core/init.php';
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'Please enter a username and password';
} else if (user_exists($username) === false) {
$errors[] = 'Username not found. Please register.';
} else if (user_active($username) === false) {
$errors[] = 'Account not active';
} else {
if (strlen($password) > 32) {
$errors[] = 'Password too long';
}
$hash = login($username, $password);
if (password_verify($password, "$hash")) {
$_SESSION['userid'] = $login;
header('Location: main.php');
exit;
} else {
$errors[] = " Username & Password are incorrect";
}
}
} else {
header('Location: index.php');
}
include 'include/iHead.php';
include 'include/widgets/login.php';
include 'include/widgets/login_report.php';
if (empty($errors) === false) {
?>
<h3>login unsuccessful: </h3>
<?php
echo output_errors($errors);
include 'include/widgets/login_rpt.php';
include 'include/eFoot.php';
}
function login($username, $password) {
$user_id = get_id($username);
$username = sanitize($username);
// $hash = password_hash($password, PASSWORD_DEFAULT);
$row = pg_fetch_assoc(pg_query("SELECT password FROM user_profiles WHERE username = '$username'"));
$hash = $row['password'];
return $hash;
}
?>
I'm new to php, so any help would be outstanding!!! 我是php新手,所以任何帮助都非常出色!!!
1 个解决方案
解决方案1
0 2016-04-07 13:43:21
Okay, thank you for your answers, but none of you were correct. 好的,谢谢您的回答,但是你们都不对。 I had to use pg_escape_string prior to the hash and verify functions. 我必须在哈希和验证函数之前使用pg_escape_string。 Simple, simple, simple.... 简单,简单,简单...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
PHP password_verify() 似乎不起作用 - PHP password_verify() doesn't seem to work
PHP password_verify() 不适用于 MySQL - PHP password_verify() doesn't work with MySQL
PHP登录页面不适用于password_verify - PHP Log in page doesn't work with password_verify
无法获得password_verify正常工作(PHP,MYSQL) - Cannot get password_verify to work (PHP, MYSQL)
我似乎无法使 password_verify() 工作 - I can't seem to make password_verify() work
无法将用户输入到password_verify() - Can't get user input in to password_verify()
哈希变量在password_verify()php中不起作用 - hash variable not work in password_verify () php
PHP password_verify - PHP password_verify
PHP password_verify() - PHP password_verify()
PHP中的Password_verify - Password_verify in PHP
相关标签