password_verify()与数据库中的密码不匹配

时间:2014-08-12 22:56:48

标签: php mysql php-password-hash

我正在创建用户登录页面。我使用password($pass,PASSWORD_BCRYPT)将数据插入数据库,但在尝试使用password_verify($password,$salt)验证密码时,值不匹配。

我确信从数据库中检索的数据$salt是正确的,但它不匹配。你能告诉我如何进一步排除故障吗?我已经彻底搜索了这个问题,但无法找到答案。

这是我的登录代码:

<?php 
      // if form submitted 
      // check supplied login credentials 
      // against database
      } 
      else {   $username = $_POST['username'];   
                $password = $_POST['password'];  
      // check input   
      if (empty($username)) {   
      die('ERROR: Please enter your username');   
      }   
      if (empty($password)) {   
      die('ERROR: Please enter your password');  
      }  
      // attempt database connection   
      include("memberconnect.php");
       $pdo = new mysqli($host,$user,$password,$database);  

      if (!$pdo) { 
      die("ERROR: Could not connect: (" . $pdo->errno .")" .$pdo->error); 
      }  
      // escape special characters in input 
      $username = stripslashes($username);  
      // check if usernames exists   
      $sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name = '$username ' ";  
      if ($result = mysqli_query($pdo,$sql)) {   
      $row = mysqli_num_rows($result);    
      // if yes, fetch the encrypted password  
      if ($row == 1) {     
      $sql = "SELECT Password FROM memberdirectory WHERE Login_Name = '$username' ";  
      // encrypt the password entered into the form   
      // test it against the encrypted password stored in the database   
      // if the two match, the password is correct 
      if ($result = mysqli_query($pdo,$sql)) {  
      $row = mysqli_fetch_array($result);  
      $salt = $row[0];   
      if (password_verify($password,$salt)) 
      {    
      // password correct 
      // start a new session  
      // save the username to the session 
      // if required, set a cookie with the username   
      // redirect the browser to the main application page 
      session_start();          
      $_SESSION['username'] = $username;  
      if ($_POST['sticky']) {    
      setcookie('name', $_POST['username'], mktime()+86400);   
      }         
      header('Location: main.php');         
      } 
      else
      {           echo 'You entered an incorrect password.'; 
      echo strlen($salt);
      var_dump(password_verify('$password',$salt));
      var_dump($salt);
      }      
      }
      else { 
      die("ERROR: Could not execute $sql (" .$pdo->errno.")".$pdo->error);      
      }     
      } else { 
      echo 'You entered an incorrect username.';    
      }   
      } else { 
      die( "ERROR: Could not execute $sql (" .$pdo->errno.")".$pdo->error); 
      }  
      // close connection  
      unset($pdo); } 
      ?>

1 个答案:

答案 0 :(得分:1)

password_verify根据哈希检查密码。要获取散列,通过外观将其保存到数据库,您将使用password_hash。甚至在password_verify php.net手册页中也有说明。请重新检查你的哈希值。

我所知道的唯一password函数是用于主要用于MySQL身份验证的MySQL。如果您使用的是自定义函数password,则必须重新输入输入的密码并对哈希值进行反算或反向工程。

相关问题
最新问题