Problem with the password_verify function in PHP

Time: 2014-01-08 11:21:41

Tags: php mysql pdo password-protection

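I have a login page and an add_user page for my application in PHP. I use the password_hash function to hash the password and store it in my database. Now, when a user logs in, I use the password_verify function to check whether the user's login credentials are correct, but for some reason password_verify keeps returning false and I don't know why. I have been at this for hours.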

Here is the add-user.php page:

<!--
    This page allows the user to add new users to the system
    Administrator permission is required for this feature.
--> 
<?php
    // Including database connection file which consists of the database connection string and the database object instance
    include('settings/dbconnection.php');
    // Including application-wide functions into the page; this allows me to use certain functions, e.g. alert()
    include('settings/functions.php');
    // Including new php password hash library for hashing user password
    include('libs/password_hash_lib/password.php');

    if (isset($_POST['Postval']))
    {
        //print_r($_POST);

        // Getting post data
        $user_group_id = $_POST['UserGroupID'];
        $user_name = $_POST['Username'];
        $user_password = $_POST['Password'];
        $user_email = $_POST['Email'];
        // Setting default timezone
        date_default_timezone_set('Xxxxxx/xxxx');
        $user_registration_date = date('Y/m/d H:i:s');
        // Getting ip address of user at the time of registration
        $user_registration_ip = get_client_ip();
        // Generating hashed password using php5 password_hash() 
        $hashed_password = password_hash($user_password, PASSWORD_DEFAULT);
        // Constructing sql query for inserting new user info into database
        $sql = $pdo->prepare('insert into users(user_group_id, user_name, user_password_hash, user_email, user_registration_date_time, user_registration_ip) values(:user_group_id, :user_name, :hashed_password, :user_email, :user_registration_date, :user_registration_ip)');
        $sql->bindValue('user_group_id', $user_group_id, PDO::PARAM_STR);
        $sql->bindValue('user_name', $user_name, PDO::PARAM_STR);
        $sql->bindValue('hashed_password', $hashed_password, PDO::PARAM_STR);
        $sql->bindValue('user_email', $user_email, PDO::PARAM_STR);
        $sql->bindValue('user_registration_date', $user_registration_date, PDO::PARAM_STR);
        $sql->bindValue('user_registration_ip', $user_registration_ip, PDO::PARAM_STR);
        $sql->execute();
        alert('User has been created!');

    }
?>

<div id="adduser" class="content">
    <div class="horizontal-divider">
        <h2>Add New User</h2>
    </div>
    <form id="Form1" method="post" action="" enctype="multipart/form-data">
        <ul>
            <li>
                <select name="UserGroupID" id="UserGroup" class="required">
                    <option value="">Select a user group</option>
                    <!-- looping over drop down list to display user groups available in the system -->
                    <?php 
                        $sql=$pdo->prepare('select * from user_groups');
                        $sql->execute();
                        $sql->setFetchMode(PDO::FETCH_OBJ);

                        foreach ($sql as $row) 
                        { 
                            echo "<option value='" . $row->user_group_id . "'>" . $row->user_group . "</option>"; 
                        } 
                    ?>
                </select>
            </li>
            <li>
                <input type="text" name="Username" id="Username" placeholder="Username.." class="required"/>
            </li>
            <li>
                <input type="password" name="Password" id="Password" placeholder="Password.." class="required" />
            </li>
            <li>
                <input type="password" name="ConfPassword" id="ConfPassword" placeholder="Confirm Password.." class="required" />
            </li>
            <li>
                <input type="text" name="Email" id="Email" placeholder="Email.." class="required" />
            </li>
            <li>

                <input type="hidden" id="Postval" name="Postval" value="" />
                <a href="" id="btnSubmit" class="button-style-1">Submit</a>
            </li>
        </ul>
        <div class="error">
            <img src="images/error.png" class="icon" />&nbsp;
            <span class="message">Error Message Goes Here!</span>
        </div>
    </form>
    <div class="clear"></div>
</div>
<script type="text/javascript">
    $(document).ready(function() {
        $('#btnSubmit').click(function(e) {
            // Prevent form from posting
            e.preventDefault();
            // Validation error count, increases by 1 if an input field fails its validation
            var valErr = 0;
            $(".required").each(function() {
                var val = $(this).val().trim();
                if (val.length == 0) {
                    $(this).css('border', '1px solid red');
                    valErr += 1;

                    $('.error').css('display', 'block');
                    $('.error .message').html('&nbsp;It appears you failed to fill in some important fields!');
                } else {
                    $(this).css('border', '1px solid #CCCCCC');
                }

            });

            // Checking if passwords match
            var pword = $('#Password').val();
            var cword = $('#ConfPassword').val();
            if (pword != cword && valErr == 0) {
                // Increasing validation error count
                valErr += 1;

                $('#Password').css('border', '1px solid red');
                $('#ConfPassword').css('border', '1px solid red');

                $('.error').css('display', 'block');
                $('.error .message').html('&nbsp;Passwords entered do not match!');
            }

            // If all fields pass validation, the form is then posted to the server
            if (valErr == 0) {
                $('#Postval').val('Post');
                $('#Form1').submit();
            }
        });
    });
</script>

This is my authentication.php page:

<?php
    // Including database connection string and database connection object
    include('../settings/dbconnection.php');
    include('../settings/functions.php');
    // Including new php password hash library for hashing user password
    include('../libs/password_hash_lib/password.php');

    if (isset($_POST['data']))
    {
        $post_data = $_POST['data'];
        $user_auth = json_decode($post_data);
        $user_name = $user_auth->Username;
        $user_password = $user_auth->Password;
        // Checking if user exists
        $sql = $pdo->prepare('select user_name from users where user_name=:user_name');
        $sql->bindValue('user_name', $user_name, PDO::PARAM_STR);
        $sql->execute();

        $result = $sql->fetchObject();

        // Displaying message if user does not exist
        if (empty($result) || is_null($result))
        {
            echo json_encode("User does NOT exist!");
            return;
        }
        // Checking if user password matches the one in the system
        $sql = $pdo->prepare('select user_id, user_name, u.user_password_hash, ug.user_group_id, ug.user_group from users u left join user_groups ug on u.user_group_id = ug.user_group_id where user_name=:user_name');
        $sql->bindValue('user_name', $user_name, PDO::PARAM_STR);
        $sql->execute();
        $user_info = $sql->fetchObject();
        // Redirecting user to home after a successful system authentication
        if(password_verify($user_password, $user_info->user_password_hash))
        {
            $_SESSION['sess_user_id'] = $user_info->user_id;
            $_SESSION['sess_user_name'] = $user_info->user_name;
            $_SESSION['session_user_group'] = $user_info->user_group;

            echo json_encode("The password you entered is correct!");
        }
        else
        {
            echo json_encode("The password you entered is NOT correct!");
        }
    }
?>

Note that the authentication.php page is in a subdirectory, and add-user.php is included in my index.php, which is in the root directory.
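
A check that can be run on the value read back from `user_password_hash`, added here as an example and not part of the original post. It assumes, since the page does not show the table schema, that the column may have truncated or padded the hash; `diagnose_stored_hash()` is a hypothetical helper and the sample password is constructed.

```php
<?php
// Added diagnostic, not code from the original post.
// diagnose_stored_hash() is a hypothetical helper name.
// On PHP < 5.5, include the same password.php compatibility library first.

/**
 * Lists reasons why password_verify() could reject the value read back
 * from the database. An empty list means the pair verifies as stored.
 */
function diagnose_stored_hash($password, $stored_hash)
{
    $problems = array();

    // CHAR(n) columns pad values with spaces; password_verify() does not trim.
    if ($stored_hash !== trim($stored_hash)) {
        $problems[] = 'hash has leading/trailing whitespace (padded column?)';
        $stored_hash = trim($stored_hash);
    }

    // A bcrypt hash produced by password_hash() is exactly 60 characters.
    // password_get_info() reports "unknown" for anything shorter.
    $info = password_get_info($stored_hash);
    if ($info['algoName'] === 'unknown') {
        $problems[] = 'hash format not recognised, length ' . strlen($stored_hash)
            . ' (bcrypt needs 60 characters; was the value cut on insert?)';
    }

    if (!password_verify($password, $stored_hash)) {
        $problems[] = 'password_verify() rejects this password/hash pair';
    }

    return $problems;
}

// Constructed sample: hash a known password, then imitate what a
// too-narrow VARCHAR(50) column and a padded CHAR column would return.
$password  = 'constructed-sample-password';
$intact    = password_hash($password, PASSWORD_BCRYPT);
$truncated = substr($intact, 0, 50);
$padded    = $intact . '    ';

foreach (array('intact' => $intact, 'truncated' => $truncated, 'padded' => $padded) as $label => $hash) {
    echo $label, ': ', json_encode(diagnose_stored_hash($password, $hash)), "\n";
}
```

The PHP manual recommends a 255-character column for `PASSWORD_DEFAULT` hashes, because the default algorithm and its output length can change in later PHP versions.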

0 answers:

No answers