PHP password_verify(“用户输入”,$ hash); 不工作
[英]PHP password_verify(“user input”, $hash); not working
问题描述
I know this question has been asked and answered many times but none of those solutions worked for me. 
我知道这个问题已经被问过很多次了,但是这些解决方案都不适合我。 I am trying to create a simple login system that uses password_hash() and password_verify() my database has varchar(255) on the password just to be sure it wont clip off the end of the hash, I have made sure the hash that is generated by password_hash() is the exact same as the one in the database cant anyone see the problem? 我正在尝试创建一个使用password_hash()和password_verify()的简单登录系统,我的数据库在密码上具有varchar(255)只是为了确保它不会剪切掉哈希的末尾,我已经确保了哈希是password_hash()生成的密码与数据库中的密码完全相同,谁也看不到问题?
Here is my register.php page 这是我的register.php页面
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<input type="text" name="username" placeholder="username">
<input type="password" name="password" placeholder="password">
<input type="submit" name="register" value="register">
</form>
<?PHP
if(isset($_POST['register'])){
require_once('connect.php');
$conn = connUsers('write');
$stmt = $conn->prepare("INSERT INTO users(user, pass)
VALUES(:user, :pass)");
$stmt->bindParam(':user', $user);
$stmt->bindParam(':pass', $hash);
$pass = $_POST['password'];
$hash = password_hash($password, PASSWORD_DEFAULT);
$user = $_POST['username'];
$stmt->execute();
echo '<script>alert("User successfully created");</script>';
}
?>
</body>
and here is my login.php page 这是我的login.php页面
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<form name="login-form" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<input type="text" name="username" placeholder="Username">
<input type="password" name="password" placeholder="Password">
<input type="submit" name="login" value="login">
</form>
</body>
<?PHP
require_once('connect.php');
$conn = connUsers('read');
if(isset($_POST['login'])){
$user = $_POST['username'];
$pass = $_POST['password'];
$checkUser = null;
$sql = "SELECT id, user, pass FROM users WHERE user = '$user'";
$result = $conn->query($sql);
foreach($result as $check){
$checkUser = $check['user'];
$hash = $check['pass'];
}
if(is_null($checkUser)){
echo '<script>alert("User does not exist");</script>';
}else{
if(password_verify($pass, $hash)){
echo '<script>alert("you have successfully logged in");</script>';
}else{
echo '<script>alert("Incorrect password");</script>';
}
}
}
?>
Can anyone see the problem? 谁能看到这个问题?
1 个解决方案
解决方案1
0 2019-06-24 09:14:08
I couldn't find the error on your login system so I "made" this one for you: 我在您的登录系统上找不到错误,因此我为您“制作”了一个:
<?php
$conn = mysqli_connect("localhost", "root", "", "blog");
// Check connection
if($conn === false){
die("ERROR" . mysqli_connect_error());
}
if(isset($_POST["login"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
echo '<script>alert("Both Fields are required")</script>';
}
else
{
$username = mysqli_real_escape_string($conn, $_POST["username"]);
$password = mysqli_real_escape_string($conn, $_POST["password"]);
$query = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($conn, $query);
if(mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_array($result))
{
if(password_verify($password, $row["password"]))
{
//return true;
$_SESSION["username"] = $username;
echo 'Logged In';
echo '<p><a href="logout.php">Logout</a></p>';
}
else
{
//return false;
echo '<script>alert("Wrong User Details")</script>';
}
}
}
else
{
echo '<script>alert("Wrong User Details")</script>';
}
}
}
?>
<html>
<head>
</head>
<body bgcolor = "#FFFFFF">
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<input type="text" name="username" placeholder="username">
<input type="password" name="password" placeholder="password">
<input type="submit" name="login" value="login">
</form>
</body>
</html>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.