我目前正在让用户使用用户名和密码注册,并在我的数据库中存储密码,该密码存储得很好,如下所示:
//Signing up
<?php
$user = $_POST['user1'];
$pass = $_POST['pass1'];
$pass = password_hash($pass, PASSWORD_DEFAULT);
mysql_query("INSERT INTO users(username, password) VALUES ('$user', '$pass')");
?>
<html>
<body>
<h1>Signup</h1>
<form action="new_user.php" method="POST">
<p>Username: </p><input type="text" placeholder="User name" name="user1"/>
<p>Password: </p><input type="password" placeholder="Password" name="pass1"/>
<br><br>
<input type="submit" value="Signup!"/>
</form>
</body>
</html>
使用以下代码验证针对用户密码输入的散列密码,但它不起作用。将消息作为无效的info1返回。我试图回复来自 $ result2 的信息,并期望信息是哈希密码,例如'$ 2y $ 10 $ lRgHiIV5Qddt9'。相反,我收到消息“资源ID#7”。我是否错误地检索了这些信息?请协助。
//Verifying
<?php
$myUserName = $_POST['user'];
$myPassword = $_POST['pass'];
//prevent SQL injections
$myUserName = stripslashes($myUserName);
$myPassword = stripslashes($myPassword);
$query1 = "SELECT * FROM users WHERE username='$myUserName'";
$result1 = mysql_query($query1);
$count1 = mysql_num_rows($result1);
if($count1 == 1){
$query2 = "SELECT password FROM users WHERE username='$myUserName'";
$result2 = mysql_query($query2);
//echo $result2; //Testing to see if am getting the hashed password.
if(password_verify($myPassword, $result2 )){
$seconds = 120 + time();
setcookie(loggedIn, date("F js - g:i a"), $seconds);
header("location:login_success.php");
}
else{
echo "Invalid info1";
}
}
else{
echo "Invalid info2";
}
?>
答案 0 :(得分:3)
在这一行
if(password_verify($myPassword, $result2 )){
变量$result2应该是一个字符串,但它是resource。您应该在password的第一行内的列resource内提取字符串,并在password_verify函数中使用该字符串。
类似的东西:
$row = mysql_fetch_array($result2, MYSQL_ASSOC);
$hash = $row['password'];
if(password_verify($myPassword, $hash )){
答案 1 :(得分:0)
您需要从resource
$row = mysql_fetch_array($result2, MYSQL_ASSOC);
$password = $row['password'];
if(password_verify($myPassword, $password )){
}