登录时 password_verify() 总是返回 false
[英]password_verify() always returns false when logging in
问题描述
I'm currently writing a database system for my website, and I'm having a huge issue that I can't seem to figure out.
我目前正在为我的网站编写数据库系统,但我遇到了一个我似乎无法弄清楚的大问题。
As seen here, my registration code hashes the password in bcrypt before sending it to the database.如此处所示,我的注册码在将密码发送到数据库之前在 bcrypt 中对密码进行哈希处理。
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// check that all the form inputs are valid
// if not, push an error to the array
if (empty($username)) { array_push($errors, "Username is required."); }
if (empty($email)) { array_push($errors, "Email is required."); }
if (empty($password_1)) { array_push($errors, "Password is required."); }
if ($password_1 != $password_2) {
array_push($errors, "Passwords do not matchh.");
}
// check the db for existing usernames or emails
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if inputted username exists in db, send error
if ($user['username'] === $username) {
array_push($errors, "Username already in use.");
}
if ($user['email'] === $email) {
array_push($errors, "E-Mail already in use.");
}
}
// Register if there are no errors
if (count($errors) == 0) {
$password = password_hash($_POST['password_1'], PASSWORD_BCRYPT); // Hash the password to secure it before inserting it to the db
var_dump($_POST['password_1'], $password);
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
header('location: home.php');
}
}
Everything works fine here, it hashes the password perfectly fine.在这里一切正常,它完美地散列密码。
But the problem occurs in the login system.但是问题出现在登录系统中。 I use the function "password_verify()", but it always returns false and gives the error.我使用 function “password_verify()”,但它总是返回 false 并给出错误。 I'm entering the same password I used during registration, but it still says it is wrong.我输入了注册时使用的相同密码,但仍然显示错误。
// login
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required.");
}
if (empty($password)) {
array_push($errors, "Password is required.");
}
if (count($errors) == 0) {
$query = "SELECT * FROM users WHERE username='$username'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
while($row = mysqli_fetch_array($results))
{
var_dump($_POST['password'], $row['password']);
if(!password_verify($_POST['password'], $row["password"]))
{
// incorrect password.
array_push($errors, "Username or password is incorrect.");
}
else
{
// login the user
$_SESSION['username'] = $username;
header('location: home.php');
}
}
}else {
array_push($errors, "Username or password is incorrect.");
}
}
}
I'm genuinely confused as to what went wrong.我真的很困惑出了什么问题。 Please keep in mind that this is the first time I've done anything other that MD5 encryption, which I heard is very vulnerable.请记住,这是我第一次做除 MD5 加密之外的任何事情,我听说这种加密非常脆弱。
All answers are appreciated.感谢所有答案。 Thanks!谢谢!
1 个解决方案
解决方案1
-1 2022-01-06 21:58:26
Nevermind, I somehow figured it out and it's working perfectly now.没关系,我以某种方式想通了,现在它工作得很好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.