PHP password_verify()似乎不起作用 [英] PHP password_verify() doesn't seem to work

问题描述

我一直在研究PHP中的password_hash()和password_verify()方法，并且一直在尝试将其包含在我的代码中.我似乎无法使其正常工作，我经历了一系列的谷歌搜索，甚至是SO上的一些问题，但它们似乎并不能解决问题.

I have been going through the password_hash() and password_verify() methods in PHP and I've been trying to include that in my code. I can't seem to get it to work, I've gone through series of googling and even some of the questions here on SO but they don't seem to resolve the issue.

我在数据库中的列长度是255.当我尝试运行代码时，我收到了$loginerror消息.这是我的代码块.请问我做错了什么.

My column length in the database is 255. When I try to run the code, I get the $loginerror message. Here's my code block. Please what am I doing wrong.

$signin_email=$_POST['signin_email'];
$signin_password=$_POST['signin_password'];

if($valid){
    require_once 'scripts/connect_to_mysql.php';
    $sql = "SELECT First_name, Last_name,Password FROM customer WHERE Email=? AND Password=? LIMIT 1";
    $stmt=$conn->prepare($sql);//preparing the statement
    if(!$stmt){
        echo "Unable to prepare: ".$conn->errno. " " .$conn->error;
    }
    //executing the statement
    //$date=date('d m Y h:i:s');
    if(!$stmt->bind_param('ss', $signin_email, $signin_password)){//bind parameters to sql statement. i=integer, s=string, b=blob, d=double 
        echo "Binding parameters failed: ".$stmt->errno. " " . $stmt->error;
    }
    if(!$stmt->execute()){//executing the statement
        echo "Statement Execution failed: ". $stmt->error;
    }
    if(!$stmt->bind_result($dbfirstname,$dblastname,$dbpassword)){// used to bind variables to a prepared statement for result storage
        echo "Unable to bind results to variables: ".$stmt->error;
    }
    $stmt->store_result();
    //echo $stmt->num_rows;
    echo $dbpassword;
    if(password_verify($signin_password, $dbpassword)){
        if($stmt->num_rows===1){//to check if username and password actually exists
            while($row=$stmt->fetch()){
                $user=$dbfirstname. " ". $dblastname;
                echo $user;
            }

            /*$_SESSION['user']=$user;
            header('location:logintest.php');
            exit();*/
        }
    }
    else{
        //$error="Invalid Email address/Password. Please try again";
        $loginerror= "Invalid Email address/Password. Please try again";
    }

    $stmt->close();//closing the prepared statement
    $conn->close();//closing the connection
}

推荐答案

问题不在于password_verify中，而在于您构建查询的方式:

Problem does not lie in password_verify but in way that you build your query:

`$sql ="SELECT First_name, Last_name,Password FROM customer WHERE Email=? AND Password=? LIMIT 1";

您将$signin_password绑定到该查询，并且它不包含来自$_POST的哈希值.

You bind $signin_password to that query and it contains not hashed value from $_POST.

有2种解决方案:

1)从查询中删除AND Password=?-您将使用password_verify

1) remove AND Password=? from your query - you will check your password with password_verify

2)将$signin_password更改为:

$signin_password=password_hash($_POST['signin_password']);

(但是使用password_verify的这种方式是无关紧要的.

(but this way using password_verify is kind of irrelevant.

这篇关于PHP password_verify()似乎不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！