我一直得到错误的结果,无法理解原因。
我将新用户及其密码存储起来:
// get password input
$pass = $_POST[ 'password' ];
$options = [
'cost' => 12
];
$pass = password_hash($pass, PASSWORD_DEFAULT, $options);
// add to db
$sql = "insert into clients(first_name, last_name, email, password_hash) values ('$fname', '$lname', '$email', '$pass')";
密码' 123456 '我明白了: 的 $ 2Y $ 12 $ DUd9LWGk2b26r2nQZ6KsfexFrHI / 36RJrq8lAo8vk6XC6VKibIPVG
下一步验证密码:
// get password input
$pass = $_POST[ 'password' ];
// get row hash from database
$sql = "select email, password_hash, active from clients where email = '$email'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows( $result ) == 0)
{
// Email not found in the database...
}
$row = mysqli_fetch_assoc($result);
// true if password is correct
if ( password_verify( $pass, $row['password_hash'] ) )
{
// logged in
}
else
{
$passInDb = $row['password_hash'];
// Login failed
$_SESSION['error'] = "Incorrect email or password. Cannot verify: $pass ,\n $passInDb" ;
// redirect to login page
header('Location: ../index.php');
}
现在当我尝试登录时,我得到了:
电子邮件或密码不正确。无法验证: 123456 , $ 2y $ 12 $ DUd9LWGk2b26r2nQZ6KsfexFrHI / 36RJrq8lAo8vk6XC6VKibIPVG
我真的不明白为什么password_verify让我虚假......