password_verify,不明白为什么不起作用| PHP、MYSQL
[英]password_verify, don't understand why is not working | PHP, MYSQL
问题描述
ANSWER
回答
I changed
$verifyPassword = password_verify('$password', $row['userpassword']);
to
$verifyPassword = password_verify($password, $row['userpassword']);And my userpassword VARCHAR was VARCHAR(50) and I changed it to VARCHAR(255)
I'm trying to make a login system in PHP with MYSQL, I have made the signup part, and it hashes the password.我正在尝试使用 MYSQL 在 PHP 中创建一个登录系统,我已经完成了注册部分,并对密码进行了哈希处理。 [Signup is working]. [注册有效]。
Now I'm working on the login part, but it doesn't work, I have tried for some time now and I can't figure it out...现在我正在处理登录部分,但它不起作用,我已经尝试了一段时间,但我无法弄清楚......
When I try to log in and I type the right username and password, I get "wrong password".当我尝试登录并输入正确的用户名和密码时,我收到“密码错误”。
I have tried to echo the $password and $row['userpassword] , and I'm getting the string I need.我试图回显$password和$row['userpassword] ,我得到了我需要的字符串。
I can't understand why it's not working.我不明白为什么它不起作用。 :( :(
*hashed password in the table *表中的哈希密码
$2y$10$qb9z5oRo4reF84.N.coQ8.itQPcOSvpeLdeWgL6uKkG
database table: users数据库表:用户
+------+--------+---------------+------------+<br>
|userid|username|useremail |userpassword|<br>
+------+--------+---------------+------------+<br>
|7 |admin |email@gmail.com|hash* |<br>
+------+--------+---------------+------------+<br>
HTML HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Page title</title>
<link rel="stylesheet" href="../css/desktop.css">
</head>
<body>
<form action="config/login.config.php" method="POST">
<div>
<div>
<input type="text" name="login_username" autocomplete="off" autofocus placeholder="username">
</div>
<div>
<input type="password" name="login_password" autocomplete="off" placeholder="password">
</div>
<div>
<button type="submit" name="login_submit">LOG IN</button>
</div>
</div>
</form>
</body>
</html>
PHP PHP
<?php
if (isset($_POST['login_submit'])) {
require 'dbc.php';
$username = $_POST['login_username'];
$password = $_POST['login_password'];
if (empty($username) || empty($password)) {
header('Location: ../login.php?error=emptyfields');
exit();
} else {
$sql = "SELECT username, userpassword FROM users WHERE username='$username'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
#echo $password;
#echo "<br>";
#echo $row['userpassword'];
$verifyPassword = password_verify('$password', $row['userpassword']);
if ($verifyPassword == false) {
echo "password wrong";
} else if($verifyPassword == true) {
echo "logged in!";
} else {
echo "password error";
}
}
} else {
header('Location: ../login.php?noUserFound');
}
}
}
1 个解决方案
解决方案1
0 2019-04-25 13:28:23
As it was already mentioned the your code is not secure for SQL injections, thus to have a poor security use the addslashes function and with all fixes your code is :正如已经提到的,您的代码对于 SQL 注入不安全,因此安全性较差,请使用 addlashes 函数并进行所有修复,您的代码是:
<?php
if (isset($_POST['login_submit'])) {
require 'dbc.php';
$username = addslashes ($_POST['login_username']);
$password = addslashes ($_POST['login_password']);
if (empty($username) || empty($password)) {
header('Location: ../login.php?error=emptyfields');
exit();
} else {
$sql = "SELECT username, userpassword FROM users WHERE username='$username'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
#echo $password;
#echo "<br>";
#echo $row['userpassword'];
$verifyPassword = password_verify($password, $row['userpassword']);
if ($verifyPassword == false) {
echo "password wrong";
} else if($verifyPassword == true) {
echo "logged in!";
} else {
echo "password error";
}
}
} else {
header('Location: ../login.php?noUserFound');
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.