password_verify不起作用 [英] password_verify doesn't work

问题描述

我正试图建立一个用于学习目的的登录注册网站，但我无法使 password_verify 正常工作.注册工作完美.从login.php中获取的数组中的值与数据库中的值相同.数据库连接有效.尽管如此，调用password_verify函数时，它始终会变为拒绝访问.

I am trying to make a login-register website for learning purposes and I can't make the password_verify work. The registration works perfectly. The value from the fetched array in the login.php is the same as in the database. The database connection works. Still, it always goes to Access denied when calling the password_verify function.

index.php

index.php

<!DOCTYPE html>
<html>

<!--  Head -->

<head>

    <title>Small Content Management System</title>
    <link rel="stylesheet" type="text/css" href="css/style.css">
    <link href='http://fonts.googleapis.com/css?family=PT+Sans+Narrow' rel='stylesheet' type='text/css'>

</head>

<!-- End head -->




<!-- Body -->

<body>

    <div id="login">
        <h2>Small CMS</h2>
        <form name="login" method="post" action="functions/login.php">
            Username:</br>
            <input type="text" name="username"></br>
            Password:</br>
            <input type="password" name="password"></br>
            <input type="submit" name="submit" value="Login">
        </form>
        <span id="register"><a href="register.php">Don't have an account? Register!</a></span>
    </div>

</body>

<!-- End Body -->

</html>

register.php

register.php

<!DOCTYPE html>
<html>

<!--  Head -->

<head>

    <title>Small Content Management System</title>
    <link rel="stylesheet" type="text/css" href="css/style.css">
    <link rel="stylesheet" type="text/css" href="css/register.css">
    <link href='http://fonts.googleapis.com/css?family=PT+Sans+Narrow' rel='stylesheet' type='text/css'>

</head>

<!-- End head -->




<!-- Body -->

<body>

    <div id="login">
        <h2>Small CMS</h2>
        <form name="register" method="post" action="functions/register.php">
            Username:</br>
            <input type="text" name="username"></br>
            E-mail:</br>
            <input type="text" name="email"></br>
            Password:</br>
            <input type="password" name="password"></br>
            <input type="submit" name="submit" value="Register">
        </form>
        <span id="register"><a href="index.php">Already have an account? Login!</a></span>
    </div>

</body>

<!-- End Body -->

</html>

login.php

login.php

<?php

include_once '../../db.php';

if(isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (trim($username) != '' && trim($password) != '') {
        $con = new Connection();
        $query = $con->db->prepare("SELECT * FROM users WHERE username=?");
        $query->bindParam(1, trim($username)) ;
        $query->execute();

        $res = $query->fetch(PDO::FETCH_ASSOC);
        if (password_verify(trim($password), trim($res['password']))) {
            echo 'Access granted!';
        } else {
            echo 'Access denied!';
        }

    } else {
        echo 'Username or password invalid!';
    }
}

functions/register.php

functions/register.php

<?php

include_once('../../db.php');


if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $email = $_POST['email'];

    // Error message to catch
    $err = '';

    // Check if user, password and email are empty
    if (trim($username) === '') {
        $err = 'Invalid username!</br>';
    }

    if (trim($password) === '') {
        $err .= 'Invalid password!</br>';
    }

    if (trim($email) === '') {
        $err .= 'Invalid email!<br>';
    }


    // Checking if user is already in use
    $con = new Connection();
    $query = $con->db->prepare('SELECT * FROM users WHERE username=?');
    $query->bindParam(1, $username);
    $query->execute();
    $results = $query->rowCount();
    if ($results != 0) {
        $err .= 'Username already in use!</br>';
    }

    // Checking if email is already in use
    $con = new Connection();
    $query = $con->db->prepare('SELECT * FROM users WHERE email=?');
    $query->bindParam(1, $email);
    $query->execute();
    $results = $query->rowCount();
    if ($results != 0) {
        $err .= 'Email already in use!</br>';
    }

    // Inserting new user into database
    if ($err === '') {

        // Connecting to db
        $con = new Connection();
        $query = $con->db->prepare("INSERT INTO users(username, password, email) VALUES (?, ?, ?)");
        $options = [
            'cost' => 12,
        ];
        $new_pass = password_hash($password, PASSWORD_BCRYPT, $options);
        $query->bindParam(1, trim($username));
        $query->bindParam(2, trim($new_pass));
        $query->bindParam(3, trim($email));
        $query->execute();

    } else {
        echo $err;
    }
}

推荐答案

好的，这是列的长度，谢谢您的帮助！ –士兵

评论答案.

查看您发布的代码，一切似乎都已结账.

Looking at your posted code, everything seems to check out.

我当时认为的可能性是:

列长度应足够长以容纳哈希值.如果它太短并且如此存储，则将无法进行检索.许多人为他们的varchar使用太低的数字.使用255，将来也可以使用.

The column length should be long enough to accomodate the hash. If it's too short and is stored as such, then retrieval will be impossible. Many use too low a number for their varchar. Use 255 which will also accomodate for the future.

如果是这种情况，则需要从新的寄存器/插入处重新开始.

If that is the case, you need to start over with a new register/insert.

到底是哪种情况?列的长度太短.

• Which in the end, was the case; too short a length for the column.

这篇关于password_verify不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！