我的数据库密码和用户填写的密码不匹配 [英] My DB password and user filled-in password, do not match

问题描述

我的php登录文件有问题.我通过检查电子邮件从数据库中询问密码.当我获得此密码时，将使用用户填写的密码对其进行检查.

I've a problem with my php login file. I ask the password from my db by checking the email. When I obtain this password I check it with the password the user filled in.

在password_verify($Passwd, $row['Passwd'])中，结果将始终返回0，但结果应返回1(密码匹配).

In the password_verify($Passwd, $row['Passwd']) the result will always return 0 but the result should be return 1 (password matches).

为什么我的密码不匹配?

Why do my passwords not match with each other?

登录代码:

<?php
if(isset($_POST['submit'])){

    include_once '../includes/connection.php';

    $Email = $_POST['email'];
    $Passwd = $_POST['passwd'];

    //Create Template
    $sql = "SELECT Passwd FROM user WHERE Email = ?";

    //Create Prepared Statement
    $stmt = mysqli_stmt_init($conn);

    //Prepare Prepared Statement
    if(!mysqli_stmt_prepare($stmt, $sql)){

        echo "SQL Statement Failed";

    } else {

        mysqli_stmt_bind_param($stmt, "s", $Email);

        mysqli_stmt_execute($stmt);

        $res = mysqli_stmt_get_result($stmt);
        
        while ($row = mysqli_fetch_assoc($res)){
            
            echo $Passwd . "<br>";
            echo $row['Passwd'];

            if(password_verify($Passwd, $row['Passwd'])){
                echo "1";
            } else {
                echo "0";
            }
        }

    }

} else {

    header("Location: ../index.php?login=error");
}
?>

注册代码:

<?php

if(isset($_POST['submit'])){

    include_once '../includes/connection.php';

    $Username = $_POST['username'];
    $Email = $_POST['email'];
    $Passwd = $_POST['pwd'];

    //Create Template
    $sql = "INSERT INTO user (Username, Email, Passwd)
        VALUES (?, ?, ?);";

    //Create Prepared Statement
    $stmt = mysqli_stmt_init($conn);

    //Prepare Prepared Statement
    if (!mysqli_stmt_prepare($stmt, $sql)) {

        echo "SQL Statement Failed";

    } else {

        $hashed_passwd = password_hash($Passwd, PASSWORD_DEFAULT);
        
        //Replace '?' by the acctual data
        mysqli_stmt_bind_param($stmt, "sss", $Username, $Email, $hashed_passwd);

        //Run parameters inside database
        mysqli_stmt_execute($stmt);
    }


    header("Location: ../index.php?signup=succes");

} else {

    header("Location: ./index.php?sinup=error");

}

?>

Passwd是数据库中的varchar(50)列.

Passwd is a varchar(50) column in the database.

推荐答案

建议将结果存储在数据库列中，该列可以扩展到超过60个字符(255个字符是一个不错的选择)

it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice)

因此，您需要为数据库中的密码列指定至少60个字符的大小-但较大的大小，例如如果将来会更改默认的哈希算法，建议使用255.

So you need to specify a minimum size of 60 characters for the password column in your database - but a larger size e.g. 255 is recommended in case the default hashing algorithm changes in future.

您还需要重新生成存储在50个字符字段中的所有现有密码，因为它们在保存时将被截断，并且额外的信息也将丢失，这意味着这些旧密码将永远无法被验证

You'll also need to re-generate any existing passwords stored in the 50-character field, because they will have been truncated when they were saved, and the extra information has been lost, meaning those old passwords can never be verified.

这篇关于我的数据库密码和用户填写的密码不匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！