堆栈内存溢出
  简体   繁体   English

password_verify()始终返回false

[英]password_verify() always return false

 原文  2016-11-16 16:44:03       php/ mysql/ login

问题描述

I am a newbie and I was trying to create a login system using PHP and Mysql. 我是一个新手,我正在尝试使用PHP和Mysql创建一个登录系统。 After finishing registration form and adding few users, I was trying to create a login form. 完成注册表并添加少量用户后,我试图创建一个登录表单。 but it always returns false saying my your Your username or password is incorrect! 但它总是返回false,说我的Your username or password is incorrect! . Below is my code. 以下是我的代码。 It will be great if someone could help me. 如果有人可以帮助我,那将是很棒的。 Advance sorry if my doubt is tooo basic :/ 如果我的疑问太基础,请提前抱歉:/ 

<?php
    session_start();
    include '.\includes\functions\db.php';
?>

<?php
    $username = strtolower(mysqli_real_escape_string($db, $_POST['username']));
    $password = strtolower(mysqli_real_escape_string($db, $_POST['password']));

    $sql        = "SELECT * FROM users WHERE username = '$username' ";
    $result     = mysqli_query($db, $sql);
    $row        = mysqli_fetch_assoc($result);
    $hash_pwd   = $row['password'];
    echo $hash_pwd;
    echo $password;
    $hash       = password_verify($password, $hash_pwd);

    if ($hash ==0) {
        header("Location: ./index.php?error=check");
        exit();
    }else {
        $sql = "SELECT * FROM user WHERE username = '$username' AND password = '$hash_pwd'";
        $result = mysqli_query($db, $sql);
        if (mysqli_num_rows($result) == 0) {
            echo "Your username or password is incorrect!";
        }else {
            $_SESSION['id'] = $row['id'];
            $_SESSION['username'] = $row['username'];
        }
        //header("Location: ./index.php");
    }
?>

and my registration page is as follows 我的注册页面如下 

<?php
//This Page is for registration of users
?>

<?php
// this php tag is for all includes
include '.\includes\functions\db.php';

?>

<?php
//print isset($_POST["submit"]);
//Getting all details inserted in form
if(isset($_POST["register"])){
    $username   = $_POST['username'];
    $firstname  = $_POST['firstname'];
    $lastname   = $_POST['lastname'];
    $email      = $_POST['email'];
    $password   = $_POST['password'];
    $date       = date('Y-m-d H:i:s');

    //Encrypting and Securing recieved data
    $username               = strtolower(mysqli_real_escape_string($db, $username));
    $firstname              = strtolower(mysqli_real_escape_string($db, $firstname));
    $lastname               = strtolower(mysqli_real_escape_string($db, $lastname));
    $email                  = strtolower(mysqli_real_escape_string($db, $email));
    $password               = strtolower(mysqli_real_escape_string($db, $password));
    $encryptedpassword      = password_hash($password, PASSWORD_DEFAULT);

    //To check duplication of email ids
    $sql        = "SELECT email FROM users WHERE email='$email'";
    $result     = mysqli_query($db, $sql);
    $row        = mysqli_num_rows($result);//$row will return count of rows if any duplicate email ids are found

    //To check duplication of usernames
    $sql2       = "SELECT username FROM users WHERE username='$username'";
    $result2    = mysqli_query($db, $sql2);
    $row2        = mysqli_num_rows($result2);//$row2 will return count of rows if any duplicate usernames are found

    //conditions to check what all duplicates are found
    if($row > 0 && $row2 >0){
        echo "Sorry...This email id and username is already taken!!!";
    } elseif ($row > 0 ) {
        echo "Sorry...This email id is already taken!";
    } elseif ($row2 > 0) {
        echo "Sorry...This Username is already taken!";
    }else {
        $query  = mysqli_query($db, "INSERT INTO users (username, firstname, lastname, password, email, regdate) VALUES
        ('$username', '$firstname', '$lastname', '$encryptedpassword', '$email', '$date')");
        if($query){
            echo "Thank You! you are now registered.";
        }
    }
}

?>

1 个解决方案

解决方案1
 0 已采纳  2018-11-11 23:09:56

The error in my code is because of password = '$hash_pwd' condition in my where clause. 我的代码中的错误是因为我的where子句中的password ='$ hash_pwd'条件。 When i retried row with given username and later verified password using php, it works as intended. 当我用给定的用户名和以后使用php验证密码重试行时,它按预期工作。 I guess password hashed in php using password_hash() cannot be retrived and verified like encryption. 我想密码在php中使用password_hash()进行哈希处理无法像加密那样进行重新验证和验证。 Anyway thanks for all of yours responses 无论如何,感谢你们所有人的回应

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 password_verify 总是返回假密码 - password_verify always return false password 我的密码验证数据库中的值总是返回 false - My password_verify for a value from database always return false PHP - password_verify() 总是返回 false - PHP - password_verify() is always returning false PHP - password_verify 总是返回 false - PHP - password_verify always returning false PHP password_verify始终返回false - PHP password_verify always returning false 为什么 password_verify 返回 false? - Why does password_verify return false? PHP-password_verify始终返回false(错误的密码) - PHP - password_verify always returns false (incorrect password) 登录时 password_verify() 总是返回 false - password_verify() always returns false when logging in password_verify即使使用适当的变量,也始终返回False - password_verify Always Returns False, even with proper variables used 切换到PDO后,Password_Verify总是返回false吗? - Password_Verify always returns false after switching to PDO?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM