PHP - password_verify问题 [英] PHP - password_verify issue
问题描述
我已经在这个问题上搔了两个多小时。我已经研究了有关stackoverflow的文章,其中包括:
- stackoverflow.com/questions/19855715/php-password-hash-and-password-verify-issues-no-match\">php password_hash和password_verify无法匹配
我还没有能够纠正我的问题。我会很感激一些关于我有多少白痴的指导:
将数据插入MySQL数据库的功能:
pre $
function insertUser($ userObj){
$ query = $ this-> databaseConnection-> getStntPrepare() - > prepare(
INSERT INTO user(username,userpassword)VALUES(?,?););
$ username = $ userObj-> getUsername();
$ password = password_hash('testing1234',PASSWORD_BCRYPT);
$ query-> bind_param('ss',$ username,$ password);
通过从MySQL检索数据验证用户登录:
函数findUser($ userObj){
$ query = $ this-> databaseConnection-> getStntPrepare ) - > prepare(
SELECT userid,userpassword
FROM user
WHERE username =?);
$ pass ='testing1234'
$ query-> bind_param('s',$ userObj-> getUsername());
$ query-> execute();
$ query-> bind_result($ userid,$ hash);
$ b $ while($ query-> fetch()){
if(password_verify($ pass,$ hash)){
echo'Password is valid! ;
} else {
echo'密码无效。';
$ b $ / code>
运行时,我得到'Invalid密码。'
当我在没有插入数据库的情况下执行下面的操作时,检索:
$ hash = password_hash('testing1234',PASSWORD_BCRYPT);
if(password_verify('testing1234',$ hash)){
echo'Password is valid!';
} else {
echo'密码无效。';
}
我得到'密码是有效的!'
我相信我的问题与单引号和双引号以及密码字段中美元符号($)的解释有关,作为变量而不是字面(如文章之一所暗示的)在存储时/从MySQL数据库中检索 - 但我没有解决任何运气。以下是'testing1234'的散列值:
$ 2y $ 10 $ 1 / oQEuYX67n.U3usxH.7tenNq7hT2dKyBSIZsy5xR3W
问题出在数据库中 - 与password_verify或password_hash无关。数据类型的字符数量最多(只有在创建表时由MySQL创建时才定义为40)。移动到60,没有更多的问题。
I have been scratching my head on this for over 2 hours. I have researched articles on stackoverflow including:
And I havent been able to correct my issue. I would appreciate some guidance on how much of an idiot I am being:
Function to insert data into MySQL database:
function insertUser($userObj) {
$query = $this->databaseConnection->getStntPrepare()->prepare(
"INSERT INTO user(username, userpassword) VALUES (?,?);");
$username = $userObj->getUsername();
$password = password_hash('testing1234', PASSWORD_BCRYPT);
$query->bind_param('ss', $username, $password);
}
Verification of user login by retrieving data from MySQL:
function findUser($userObj) {
$query = $this->databaseConnection->getStntPrepare()->prepare(
"SELECT userid, userpassword
FROM user
WHERE username=?");
$pass = 'testing1234'
$query->bind_param('s', $userObj->getUsername());
$query->execute();
$query->bind_result($userid, $hash);
while ($query->fetch()) {
if (password_verify($pass, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
}
}
When run I get 'Invalid password.'
When I do the below without inserting into database then retrieving:
$hash = password_hash('testing1234', PASSWORD_BCRYPT);
if (password_verify('testing1234', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
I get 'Password is valid!'
I believe my problem is something to do with single and double quotes and the interpretation of dollar sign ($) in the password field, as a variable instead of literal (as one of the articles suggests) when storing/retrieving from MySQL database - however I haven't had any luck in resolving. Below is the hash value of 'testing1234':
$2y$10$1/oQEuYX67n.U3usxH.7tenNq7hT2dKyBSIZsy5xR3W
Problem was in the database - nothing to do with password_verify or password_hash. Datatype had a maximum amount of characters (only defined to 40 as I was made to by MySQL when creating tables). Moved to 60 and no more issues.
这篇关于PHP - password_verify问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!