PHP password_verify()似乎不起作用 [英] PHP password_verify() doesn't seem to work
问题描述
我一直在研究PHP中的password_hash()
和password_verify()
方法,并且一直在尝试将其包含在我的代码中.我似乎无法使其正常工作,我经历了一系列的谷歌搜索,甚至是SO上的一些问题,但它们似乎并不能解决问题.
I have been going through the password_hash()
and password_verify()
methods in PHP and I've been trying to include that in my code. I can't seem to get it to work, I've gone through series of googling and even some of the questions here on SO but they don't seem to resolve the issue.
我在数据库中的列长度是255.当我尝试运行代码时,我收到了$loginerror
消息.这是我的代码块.请问我做错了什么.
My column length in the database is 255. When I try to run the code, I get the $loginerror
message. Here's my code block. Please what am I doing wrong.
$signin_email=$_POST['signin_email'];
$signin_password=$_POST['signin_password'];
if($valid){
require_once 'scripts/connect_to_mysql.php';
$sql = "SELECT First_name, Last_name,Password FROM customer WHERE Email=? AND Password=? LIMIT 1";
$stmt=$conn->prepare($sql);//preparing the statement
if(!$stmt){
echo "Unable to prepare: ".$conn->errno. " " .$conn->error;
}
//executing the statement
//$date=date('d m Y h:i:s');
if(!$stmt->bind_param('ss', $signin_email, $signin_password)){//bind parameters to sql statement. i=integer, s=string, b=blob, d=double
echo "Binding parameters failed: ".$stmt->errno. " " . $stmt->error;
}
if(!$stmt->execute()){//executing the statement
echo "Statement Execution failed: ". $stmt->error;
}
if(!$stmt->bind_result($dbfirstname,$dblastname,$dbpassword)){// used to bind variables to a prepared statement for result storage
echo "Unable to bind results to variables: ".$stmt->error;
}
$stmt->store_result();
//echo $stmt->num_rows;
echo $dbpassword;
if(password_verify($signin_password, $dbpassword)){
if($stmt->num_rows===1){//to check if username and password actually exists
while($row=$stmt->fetch()){
$user=$dbfirstname. " ". $dblastname;
echo $user;
}
/*$_SESSION['user']=$user;
header('location:logintest.php');
exit();*/
}
}
else{
//$error="Invalid Email address/Password. Please try again";
$loginerror= "Invalid Email address/Password. Please try again";
}
$stmt->close();//closing the prepared statement
$conn->close();//closing the connection
}
推荐答案
问题不在于password_verify
中,而在于您构建查询的方式:
Problem does not lie in password_verify
but in way that you build your query:
`$sql ="SELECT First_name, Last_name,Password FROM customer WHERE Email=? AND Password=? LIMIT 1";
您将$signin_password
绑定到该查询,并且它不包含来自$_POST
的哈希值.
You bind $signin_password
to that query and it contains not hashed value from $_POST
.
有2种解决方案:
1)从查询中删除AND Password=?
-您将使用password_verify
1) remove AND Password=?
from your query - you will check your password with password_verify
2)将$signin_password
更改为:
$signin_password=password_hash($_POST['signin_password']);
(但是使用password_verify的这种方式是无关紧要的.
(but this way using password_verify is kind of irrelevant.
这篇关于PHP password_verify()似乎不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!