password_verify() 不适用于数据库

Question

my registration page is

        <?php

      require 'core.inc.php';
     include 'connect.inc.php';

     if (!loggedin()) {

              if (isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['user_name']) &&  isset($_POST['password']) && isset($_POST['retype_password'])) {

    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $username = $_POST['user_name'];
    $password = $_POST['password'];
    $retype_password = $_POST['retype_password'];
    $password_hash = password_hash($password, PASSWORD_DEFAULT);


     if (!empty($first_name) && !empty($last_name) && !empty($username) && !empty($password) && !empty($retype_password)) {

        if ($password!=$retype_password) {
            echo 'Password does not matched';
        } else {

             $select_user_query = "SELECT `user_name` FROM `company_login` WHERE `user_name` = '$username'";
            $run_user_query = mysqli_query($db_connect,$select_user_query);

             if (mysqli_num_rows($run_user_query)==NULL) {

                $insert_new_userinfo = "INSERT INTO`company_login`(`user_name`, `password`, `first_name`, `last_name`) VALUES ('".mysqli_real_escape_string($db_connect,$username)."','".mysqli_real_escape_string($db_connect,$password_hash)."','".mysqli_real_escape_string($db_connect,$first_name)."','".mysqli_real_escape_string($db_connect,$last_name)."')";
                    if ($insert_run = mysqli_query($db_connect,$insert_new_userinfo)) {
                    header('Location: signup_success.php');
                } else {
                    echo 'Sorry, we couldn\'t register you at this time. Please try again later.';
                }


            } else {
                echo 'The username '.$username.' already exists'; 
            }

        }

    } else {
        echo 'All fields are required.';
    }


    }
  ?>

      <form action="register.php" method="post">

   First Name : <br/><input type="text" name="first_name" value="<?php echo @$first_name ?>"><br/><br/>
   Last Name : <br/><input type="text" name="last_name" value="<?php echo @$last_name?>"><br/><br/>
  Username : <br/><input type="text" name="user_name" value="<?php echo @$username?>"><br/><br/>
Password : <br/><input type="password" name="password"><br/><br/>
Re-type Password : <br/><input type="password" name="retype_password"><br/>     <br/>
    <input type="Submit" value="Register">

    </form>

    <?php
     } elseif (loggedin()) {
        echo "You're already registered and logged in";
     }

     ?>

I am trying to get the value from database using code below:

if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];

$select_pass_query = "SELECT `password` FROM `company_login` WHERE `user_name` = '".mysqli_real_escape_string($db_connect,$username)."'";
if ($select_pass_query_run = mysqli_query($db_connect,$select_pass_query)) {
    // echo "suceessfully find the password";

    $pass_num_row = mysqli_num_rows($select_pass_query_run);

        if ($pass_num_row==NULL) {
            echo "Invalid username/password combination";
        } else if ($pass_num_row==1) {

            $user_password = mysqli_fetch_row($select_pass_query_run);

            $user_password_result = $user_password[0];
            echo $user_password_result . "<br/>";
            echo $pass_verify = password_verify($password, $user_password_result);

        } else {
            echo 'failed';
        }


} else {
    echo 'cannot find the password';
}

When I echo out the $user_password_result variable it is displayed, so the database is successfully returning the value, but when I echo out $pass_verify = password_verify($password, $user_password_result); , nothing is displayed. Why is this happening?

Answer 1

password_verify returns a boolean.

If login is invalid echoing a false value will print nothing.