即使具有哈希值和用户密码,password_verify也不起作用
[英]password_verify doesn't work, even though it has the hash and the user's password
问题描述
I'm writing log in code for the only user in my db . 
我正在为我的db唯一的用户编写登录代码。 But the password_verify function doesn't seem to work. 但是password_verify函数似乎不起作用。 When I echo both the hash from the db and the password written in the form, I see them, so there's no problem with the query or the $_POST . 当我同时echo显db的hash和表单中编写的password ,我看到了它们,因此查询或$_POST没有问题。
Here's my code: the log in: 这是我的代码:登录:
$passwordFromForm = htmlspecialchars($_POST['password']);
$nmbr = 12; // it's the user's id.
$sql = "SELECT * FROM user WHERE iduser = $nmbr";
$res = mysqli_query($conn, $sql);
// $row = mysqli_fetch_assoc($res);
while($row = $res->fetch_assoc()) {
$hashFromDB = $row['hash'];
}
if(password_verify($passwordFromForm, $hashFromDB)) {
echo "success";
header("Location: ../admin.php");
}
else {
echo "The hash is:" . $hashFromDB . "and the pass is:" . $passwordFromForm;
//this echoes the correct hash and string
}
Thanks in advance. 提前致谢。
2 个解决方案
解决方案1
1 2016-04-17 03:28:59
该函数password_verify()与password_hash()相关,您可以检查所使用的算法password_hash()与password_verify()是否相同,并使用password_get_info($ hash)检查res
解决方案2
1 2016-04-17 10:08:17
You should not do any escaping of the password, before feeding it to the password_hash() / password_verify() function. 在将密码提供给password_hash() / password_verify()函数之前,请勿对密码进行任何转义操作。 So remove the call to htmlspecialchars() and make sure that your database field holding the hash, is of type varchar(255) . 因此,请删除对htmlspecialchars()的调用,并确保保存哈希的数据库字段的类型为varchar(255) 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.