密码散列在 php mysql 中不起作用 [英] Password hashing not working in php mysql

问题描述

我正在尝试使用 phpmysql 使用密码散列.问题是 password_verify 到目前为止似乎对我不起作用.比如说，我注册时的密码是123456789".我使用

I am trying to use password hashing using phpmysql. The issue is password_verify does not seem to work for me so far. Say, my password during registration is '123456789'. I stored it in database using

    password_hash('123456789', PASSWORD_BCRYPT, array('cost' => 12));

然后当我在登录字段中输入123456789"时，它什么也不做，失败了.

And then when I enter '123456789' in the login field, it does nothing, fails.

这是我的代码:

<?php
        session_start();
        include('db.php');        
?>

<!DOCTYPE html>

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta name="viewport" content="width=device-width,initial-scale=1" />
    <link rel="stylesheet" type="text/css" href="style.css"/>

</head>

<body>

<p/>

<?php

    if(isset($_POST['login']) && $_POST['login'] == 'Login') {

        $loginEmail = $_POST['loginEmail'];
        $loginPassword = $_POST['loginPassword'];

        $sqlLogin = $db->prepare("SELECT * FROM registered_users WHERE email = ?");

        $sqlLogin->bind_param("s",$loginEmail);
        $sqlLogin->execute();
        $sqlLogin = $sqlLogin->get_result();
        $numrowsLogin = $sqlLogin->num_rows;

        if($numrowsLogin == 1) {
            $rowLogin = $sqlLogin->fetch_assoc(); 
            $stored_password = $rowLogin['password'];

        }
        if(password_verify($loginPassword, $stored_password)){


           header('Location: homepage.php'); 
        }else{
            echo 'invalid login';
        }      

    }         
?>


    <form action = "<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
        <table style="width:500px">                        
            <tr>
                <td width="30%"><input style="width: 200px; height: 25px; border-radius: 5px;" type="text" name="loginEmail" placeholder = "Email" required/><br/></td>
            </tr>                    
            <tr>
                <td width="30%"><input style="width: 200px; height: 25px; border-radius: 5px;" type="password"  name="loginPassword" placeholder = "Password" required/><br/></td>
            </tr>
        </table>

        <input style="font-weight: bold; width: 70px; height: 25px; border-radius: 5px;" type="submit" name="login" value="Login"/>
    </form>

</body>

</html>

推荐答案

@Fred Li:谢谢，这对我有用.我在数据库中的密码列长度是 50.更新它现在可以工作了，再次感谢你！！– Bishwaroop Chakraborty"

正如评论中所讨论的:

来自 http://php.net/manual/en/function 的示例.password-hash.php

$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a 是 60 个字符.

您的密码列的长度小于 60，这就是问题所在.

Your password column's length is less than 60 and that's the problem.

它太短了，你的代码失败了，因为它，你需要在改变列的长度后重新开始一个新的散列.

It's too short and your code failed silently because of it and you need to start over with a new hash after altering the column's length.

• 手册上说 255 是一个不错的选择.

注意事项:

注意其他关于 XSS 注入的评论.

Pay attention to other comments left in regards to XSS injection.

这里有一些不错的文章:

Here are a few good articles:

• 如何使用 HTML/PHP 防止 XSS?立>
• https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

并在标题后添加exit;.否则，您的代码可能需要继续执行.

and to add exit; after header. Otherwise, your code may want to continue to execute.

这篇关于密码散列在 php mysql 中不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！