[英]PHP - password_verify always returns false (incorrect password)
I am having issues with getting password_verify to work correctly, it always returns false (incorrect password). 我在使password_verify正常工作时遇到问题,它总是返回false(错误的密码)。 When I echo the password, it shows the correct password.
当我回显密码时,它显示正确的密码。 Any ideas?
有任何想法吗? Here is my code:
这是我的代码:
<?php
$servername = "localhost";
$database_name = "xxx";
$database_username = "xxx";
$database_password = "xxx";
$username = $_POST['username'];
$password = $_POST['password'];
$conn = mysqli_connect ($servername, $database_username, $database_password, $database_name);
$error_message = "";
$allowed_chars = "/^[A-Za-z .'-]+$/";
$email_chars = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
function error ($error) {
echo $error;
die();
}
if ($conn->connect_error) {
die ("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT username, password FROM users";
$query = mysqli_query ($conn, $sql);
while ($row = mysqli_fetch_assoc ($query)) {
echo 'Username: ' . $row["username"] . '<br>' . 'Password: ' . $password . '<br>' . 'Hashed Password: ' . $row["password"] . '<br><br>';
}
$hashed_password = "SELECT password FROM users WHERE username = '$username'";
$query = mysqli_query ($conn, $hashed_password);
if (!isset ($query)) {
echo '$query doesn\'t appear to be set' . '<br>';
} else {
echo '$query is set' . '<br>';
}
$password_input = password_verify ($password, $hashed_password);
$result = mysqli_fetch_assoc ($query);
$login_cred = "SELECT * FROM users WHERE username='$username'";
if ($password_input) {
echo 'The password you entered is correct!';
} else {
echo 'The password you entered is incorrect!';
}
?>
Database structure for password 密码的数据库结构
Cheers, any help is highly appreciated. 干杯,任何帮助都将受到高度赞赏。
$hashed_password
was a SQL query, not the row output from the database. $hashed_password
是一个SQL查询,而不是数据库的行输出。
Here is the fixed snippet 这是固定的片段
<?php
$hashed_password = "SELECT password FROM users WHERE username = '$username'";
$query = mysqli_query ($conn, $hashed_password);
$row = mysqli_fetch_assoc ($query);
$hashed_password = $row['password'];
?>
Here is that snippet implemented 这是实现的代码段
<?php
$servername = "localhost";
$database_name = "xxx";
$database_username = "xxx";
$database_password = "xxx";
$username = $_POST['username'];
$password = $_POST['password'];
$conn = mysqli_connect ($servername, $database_username, $database_password, $database_name);
$error_message = "";
$allowed_chars = "/^[A-Za-z .'-]+$/";
$email_chars = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
function error ($error) {
echo $error;
die();
}
if ($conn->connect_error) {
die ("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT username, password FROM users";
$query = mysqli_query ($conn, $sql);
while ($row = mysqli_fetch_assoc ($query)) {
echo 'Username: ' . $row["username"] . '<br>' . 'Password: ' . $password . '<br>' . 'Hashed Password: ' . $row["password"] . '<br><br>';
}
$hashed_password = "SELECT password FROM users WHERE username = '$username'";
$query = mysqli_query ($conn, $hashed_password);
$row = mysqli_fetch_assoc ($query);
$hashed_password = $row['password'];
$password_input = password_verify ($password, $hashed_password);
$result = mysqli_fetch_assoc ($query);
$login_cred = "SELECT * FROM users WHERE username='$username'";
if ($password_input) {
echo 'The password you entered is correct!';
} else {
echo 'The password you entered is incorrect!';
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.