[英]password_verify doesn't work, even though it has the hash and the user's password
I'm writing log in code for the only user in my db
. 我正在为我的
db
唯一的用户编写登录代码。 But the password_verify
function doesn't seem to work. 但是
password_verify
函数似乎不起作用。 When I echo
both the hash
from the db
and the password
written in the form, I see them, so there's no problem with the query or the $_POST
. 当我同时
echo
显db
的hash
和表单中编写的password
,我看到了它们,因此查询或$_POST
没有问题。
Here's my code: the log in: 这是我的代码:登录:
$passwordFromForm = htmlspecialchars($_POST['password']);
$nmbr = 12; // it's the user's id.
$sql = "SELECT * FROM user WHERE iduser = $nmbr";
$res = mysqli_query($conn, $sql);
// $row = mysqli_fetch_assoc($res);
while($row = $res->fetch_assoc()) {
$hashFromDB = $row['hash'];
}
if(password_verify($passwordFromForm, $hashFromDB)) {
echo "success";
header("Location: ../admin.php");
}
else {
echo "The hash is:" . $hashFromDB . "and the pass is:" . $passwordFromForm;
//this echoes the correct hash and string
}
Thanks in advance. 提前致谢。
该函数password_verify()与password_hash()相关,您可以检查所使用的算法password_hash()与password_verify()是否相同,并使用password_get_info($ hash)检查res
You should not do any escaping of the password, before feeding it to the password_hash()
/ password_verify()
function. 在将密码提供给
password_hash()
/ password_verify()
函数之前,请勿对密码进行任何转义操作。 So remove the call to htmlspecialchars()
and make sure that your database field holding the hash, is of type varchar(255)
. 因此,请删除对
htmlspecialchars()
的调用,并确保保存哈希的数据库字段的类型为varchar(255)
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.