PHP - password_verify问题 [英] PHP - password_verify issue

查看:299
本文介绍了PHP - password_verify问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已经在这个问题上搔了两个多小时。我已经研究了有关stackoverflow的文章,其中包括:



我还没有能够纠正我的问题。我会很感激一些关于我有多少白痴的指导:



将数据插入MySQL数据库的功能:



pre $ function insertUser($ userObj){
$ query = $ this-> databaseConnection-> getStntPrepare() - > prepare(
INSERT INTO user(username,userpassword)VALUES(?,?););
$ username = $ userObj-> getUsername();
$ password = password_hash('testing1234',PASSWORD_BCRYPT);

$ query-> bind_param('ss',$ username,$ password);

通过从MySQL检索数据验证用户登录: 

 函数findUser($ userObj){
 $ query = $ this-> databaseConnection-> getStntPrepare ) - > prepare(
SELECT userid,userpassword 
 FROM user 
 WHERE username =?); 
 
 $ pass ='testing1234'
 $ query-> bind_param('s',$ userObj-> getUsername()); 
 $ query-> execute(); 
 $ query-> bind_result($ userid,$ hash); 
 $ b $ while($ query-> fetch()){
 
 if(password_verify($ pass,$ hash)){
 echo'Password is valid! ; 
} else {
 echo'密码无效。'; 
 
 
 $ b $ / code>

运行时,我得到'Invalid密码。'



当我在没有插入数据库的情况下执行下面的操作时,检索:

  $ hash = password_hash('testing1234',PASSWORD_BCRYPT); 
 if(password_verify('testing1234',$ hash)){
 echo'Password is valid!'; 
} else {
 echo'密码无效。'; 
}

我得到'密码是有效的!'



我相信我的问题与单引号和双引号以及密码字段中美元符号($)的解释有关,作为变量而不是字面(如文章之一所暗示的)在存储时/从MySQL数据库中检索 - 但我没有解决任何运气。以下是'testing1234'的散列值:

$ 2y $ 10 $ 1 / oQEuYX67n.U3usxH.7tenNq7hT2dKyBSIZsy5xR3W

解决方案

问题出在数据库中 - 与password_verify或password_hash无关。数据类型的字符数量最多(只有在创建表时由MySQL创建时才定义为40)。移动到60,没有更多的问题。


I have been scratching my head on this for over 2 hours. I have researched articles on stackoverflow including:

And I havent been able to correct my issue. I would appreciate some guidance on how much of an idiot I am being:

Function to insert data into MySQL database:

function insertUser($userObj) {
    $query = $this->databaseConnection->getStntPrepare()->prepare(
            "INSERT INTO user(username, userpassword) VALUES (?,?);");
    $username = $userObj->getUsername();
    $password = password_hash('testing1234', PASSWORD_BCRYPT);

    $query->bind_param('ss', $username, $password);
}

Verification of user login by retrieving data from MySQL:

function findUser($userObj) {
    $query = $this->databaseConnection->getStntPrepare()->prepare(
            "SELECT userid, userpassword 
                FROM user 
                WHERE username=?");

    $pass = 'testing1234'
    $query->bind_param('s', $userObj->getUsername());
    $query->execute();
    $query->bind_result($userid, $hash);

    while ($query->fetch()) {

        if (password_verify($pass, $hash)) {
            echo 'Password is valid!';
        } else {
            echo 'Invalid password.';
        }
    }
}

When run I get 'Invalid password.'

When I do the below without inserting into database then retrieving:

$hash = password_hash('testing1234', PASSWORD_BCRYPT);
if (password_verify('testing1234', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

I get 'Password is valid!'

I believe my problem is something to do with single and double quotes and the interpretation of dollar sign ($) in the password field, as a variable instead of literal (as one of the articles suggests) when storing/retrieving from MySQL database - however I haven't had any luck in resolving. Below is the hash value of 'testing1234':

$2y$10$1/oQEuYX67n.U3usxH.7tenNq7hT2dKyBSIZsy5xR3W

解决方案

Problem was in the database - nothing to do with password_verify or password_hash. Datatype had a maximum amount of characters (only defined to 40 as I was made to by MySQL when creating tables). Moved to 60 and no more issues.

这篇关于PHP - password_verify问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆