密码验证总是返回错误值?

时间:2018-05-03 09:53:47

标签: php

我目前正在尝试为我的网站设置一个登录页面,我正在创建该登录页面作为我的大学课程的一部分。我可以在网站上使用哈希密码创建一个帐户就好了。哈希密码显示为:

$2y$10$c17e2YWOPrzZy8RNLZo9Yejm0vHebwhdkD7tyzBgMcIiu6zO5XVn2

我搜索了一些解决方案,例如检查哈希密码是否为60个字符以及其他不成功的解决方案,我还询问了其他两位大学讲师和同学,但他们都没有能够提供帮助。

我的代码是:

<?php

    $username = $_POST["username"];
    $password = $_POST["password"];
    echo $username;
    echo " "; 
    echo $password;
    echo " "; 

    $sql = "SELECT userno, email, password FROM Users WHERE username = '$username';";
    $result = $conn->query($sql);
    echo $sql;
    if ($result->num_rows == 1){
        $row = $result->fetch_assoc();
        if (password_verify( $password, $row["password"]))
        {
            echo "<br/> Welcome back to Ryan's Review Website!";
            echo "<br/> You have succsesfuly logged in!";

            $_SESSION["loggedin"] = true;
            $_SESSION["userno"] = $row['userno'];
        }
        else {
            echo "<br/>Sorry, It seems that either you do not have an account or you have mistyped your username and/or password";
            echo "<br/><a href='Sign In.html'>Click Here</a> to try again!";
            echo "<br/><a href='Register.html'>Click Here</a> if you do not have an account!";
        }
    }
    $conn->close();

?>

我最大的问题在于它基于我去年在以前的网站上使用的工作代码,它成功运作。但是,当我在这里使用完全相同的代码(更改表和变量名以匹配新数据库)时,它总是返回false值。

编辑:这是我将新用户添加到数据库的代码:

$details = [];
$details ['username'] = isset($_POST['username']) ? $_POST['username'] : '';
$details ['email'] = isset($_POST['email']) ? $_POST['email'] : ''; 
$password ['password1'] = isset($_POST['password1']) ? $_POST['password1'] : '';    
$hash = password_hash( $password, PASSWORD_BCRYPT );


$sql = "INSERT INTO Users ";
$sql .= "(username, email, password) ";
$sql .= "VALUES (";
$sql .= "'" . $details['username'] . "',";
$sql .= "'" . $details['email'] . "',";
$sql .= "'" . $hash . "'";
$sql .= ")";
$result = mysqli_query($conn, $sql);    
echo "Congratulations! You have now joined Ryan's Review Website!";

1 个答案:

答案 0 :(得分:0)

在以下行中保存密码哈希时出现错误信息:

$password ['password1'] = isset($_POST['password1']) ? $_POST['password1'] : '';    
$hash = password_hash( $password, PASSWORD_BCRYPT );

在这里,您实际上尝试散列数组$password,这将抛出

  

警告:预期的参数1为字符串,给定数组

根据您的设置,您可能看不到此警告(以及以下内容)并在数据库中存储错误。

所以改变

$password ['password1'] = isset($_POST['password1']) ? $_POST['password1'] : '';


$password = isset($_POST['password1']) ? $_POST['password1'] : '';
相关问题
最新问题