phpass CheckPassword函数在尝试登录时始终返回false。新手问题

时间:2013-08-29 12:03:57

标签: php mysql login passwords phpass

一直试图在论坛和堆栈的问题中找到解决方案,但没有结果,所以你是我最后的希望。我正在使用phpass进行密码加密,注册脚本工作正常,但是当我尝试登录并使用CheckPassword函数时,它总是返回false。我正在添加我的两个php脚本:

注册:

 <?php 
 require 'phpass-0.3/PasswordHash.php';
 require 'config.php';

 $email = $_POST['email'];
 $confirmed_email = $_POST['confirmed_email'];
 $username = $_POST['username'];
 $password = $_POST['password'];



 if ($_SERVER['REQUEST_METHOD'] === "POST") {

 if(!preg_match("^[a-z0-9,!#\$%&'\*\+/=\?\^_`\{\|}~-]+(\.[a-z0-9,!#\$%&'\*\+/=\?\^_`\{\|}~-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.([a-z]{2,})$^", $email))
 {
    $errors[] = "Incorrect email format.";
 }

 if (($email)!==($confirmed_email))
 {
    $errors[] = "Emails do not match";
 }


 if ((strlen($username) < 5) || (!ctype_alnum($username)))
 {
    $errors[] = "Username must be min 6 signs and only include 0-9, A-Z characters.";
 }

 if ((strlen($password) < 7) || (!ctype_alnum($password)))
 {
    $errors[] = "Password must be min 8 signs and only include 0-9, A-Z characters.";
 }

 $stmt = $db->prepare('SELECT * FROM users WHERE username = ? LIMIT 1');
 $stmt->bind_param('s', $username);
 $stmt->execute();
 $stmt->store_result();

 if($stmt->num_rows == 1)
 {
    $errors[] = "Username is taken.";
 }


 else if (!count($errors)) {
 $hasher = new PasswordHash(8, false);
 $hash = $hasher->HashPassword($password);
 if (strlen($hash) >= 20) {
 $stmt = $db->prepare('insert into users (username, email, password) values (?, ?, ?)');
 $stmt->bind_param('sss', $username, $email, $hash);
 $stmt->execute();
 $stmt->close();
 $db->close();
     }
 }

   Foreach($errors as $v) print "$v <br/>";
 }

 ?>

LOGIN:

<?php
include 'config.php';
require 'phpass-0.3/PasswordHash.php';

if(isset($_POST['email'], $_POST['password'])) { 
$email = $_POST['email'];
$password = $_POST['password'];




 $stmt = $db->prepare("SELECT id, username, password FROM users WHERE email = ? LIMIT 1");
 $stmt->bind_param('s', $email); 
 $stmt->execute();
 $stmt->store_result();
 $stmt->bind_result($user_id, $username, $hash);
 $stmt->fetch();

 $stored_hash = $hash;
 $hasher = new PasswordHash(8, false);


 $check = $hasher->CheckPassword($password, $stored_hash);

 if ($check) {

 echo"Logged IN"; 

 } else {

 echo "SOMETHING'S WRONG";
   }
 }
 ?>

请不要注意安全问题,因为它只是一个演示脚本而且我还在学习。

1 个答案:

答案 0 :(得分:0)

确保哈希密码为60个字符,任何其他内容都将返回false。 我有同样的问题,并注意到我的第一个哈希密码是61个字符。

相关问题
最新问题