
PHP Login System - password_verify returns false even when the password is correct

I'm currently trying to make a login system based on items in a database. Right now, this is what I have - based on a video - but when I try to log in with the right password, I always get the error that the password ($pwcheck) is false.

I'm new to PHP and I don't know how to fix this. Any help would be appreciated!

<?php
if (isset($_POST['login-submit'])) {
    require 'dbh.inc.php';
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $empid = $_POST['empid'];
    $password = $_POST['password'];
    if (empty($fname) || empty($lname) || empty($empid) || empty($password)) {
        header('Location: ../admin_login.php?error=emptyfields&fname='.$fname."&lname=".$lname);
        exit();
    } else {
        $sql = 'SELECT * FROM employee WHERE first_name=? AND last_name=? AND emp_id=?;';
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header('Location: ../admin_login.php?error=sqlerror');
            exit();
        } else {
            mysqli_stmt_bind_param($stmt, 'sss', $fname, $lname, $empid);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result)) {
                $pwcheck = mysqli_password_verify($password, $row['admin_password']);
                if (!$pwcheck) {
                    header('Location: ../admin_login.php?error=incorrectpassword');
                    exit();
                } else {
                    session_start();
                    $_SESSION['fname'] = $row['first_name'];
                    $_SESSION['lname'] = $row['last_name'];
                    header('Location: ../admin_page.php');
                    exit();
                }
            } else {
                header('Location: ../admin_login.php?error=nouserfound');
                exit();
            }
        }
    }
} else {

    header('Location: ../admin_login.php');
    exit();
}

I think @timBrownlaw has nailed it.

mysqli_password_verify() is not a function I recognise either. If you are comparing a password to a stored hash (hopefully that is how you are storing passwords) then you want password_verify(): https://www.php.net/manual/en/function.password-verify.php

Try that instead, then $pwcheck shouldn't be false if they match.

If you want to know more about securely hashing passwords for storage, see https://www.php.net/manual/en/function.password-hash.php
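An added example (not part of the original question or answer) of the password_hash() / password_verify() pairing the answer points to, plus a check that separates "wrong password" from "the stored value is not a usable hash". The function names `make_stored_hash` and `check_login` and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Registration side: store only the hash, never the password itself.
// The PHP manual recommends a column that can hold up to 255 characters,
// because the output of PASSWORD_DEFAULT may get longer in later versions.
function make_stored_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login side (hypothetical helper): returns 'ok', 'bad_password' or 'not_a_hash'.
// 'not_a_hash' means the stored value was never produced by password_hash()
// or was damaged in storage, so password_verify() can never succeed on it.
function check_login(string $password, string $storedValue): string
{
    $info = password_get_info($storedValue);
    if ($info['algoName'] === 'unknown') {
        return 'not_a_hash';
    }
    return password_verify($password, $storedValue) ? 'ok' : 'bad_password';
}

// Constructed sample data standing in for $row['admin_password'].
$password  = 'correct horse battery staple';
$goodHash  = make_stored_hash($password);
$truncated = substr($goodHash, 0, 50);   // what a too-short column would keep
$plaintext = $password;                  // password stored without hashing

$cases = [
    'right password, intact hash' => [$password, $goodHash],
    'wrong password, intact hash' => ['guess123', $goodHash],
    'right password, cut-off hash' => [$password, $truncated],
    'right password, plaintext row' => [$password, $plaintext],
];

foreach ($cases as $label => [$attempt, $stored]) {
    echo str_pad($label, 32), check_login($attempt, $stored), PHP_EOL;
}
```

In the login script from the question, the same verify call would take `$password` and `$row['admin_password']` as its two arguments.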
