使用PHP5哈希功能的麻烦

时间:2015-04-07 08:59:03

标签: php mysql

我正在创建基本的系统登录。我正在使用PHP5哈希功能。插入数据库时​​,一切正常,它可以正常工作。

现在的问题是,当我尝试从数据库中获取数据时,它似乎无法获取数据。这是我的代码,也许这会给你一些想法:

    // Create connection with the database
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection to see if It connects, if not output an error message.
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// We are going to tell mysql to give us everything back related to user if we give it a username.
$stmt = $conn->prepare("SELECT * FROM users WHERE Username=?");

//Pass the username to mysql. this is what the person entered into the form ($_POST['username'])
$stmt->bind_param("s", $_POST['Username']);

//tell mysql to run our now completed statement and search for the user and return his info
$stmt->execute();

//great now we ask mysql to give us a variable that contains all the rows it found with that username
$result = $stmt->get_result();

//if there are 0 rows it means it couldn't find the username so the user doesn't exist
if($result->num_rows==0){
    echo "Looks like theres no username.";
}

//since it got to this part we know that it did find the username so we get the first row from the results
$myrow = $result->fetch_assoc();

//now we compare the password entered into the form ($_POST['password']) with the password in our db for the user ($myrow['Password'])
if(password_verify($_POST['Password'], $hashAndSalt)) {
    echo "It worked Shaun!";
} else {
    echo "nope";
}

正如您所看到的,我正在使用password_verify()功能。当我尝试登录或从数据库获取信息时,它似乎与$_POST中的数据库中的正确信息不匹配。因此,例如,我将进入" shaun"这是数据库中的一个表,它返回" nope"应该回来的地方"它起作用了#34;。

修改

$ hashAndSalt是一个将信息存储到数据库中的变量。请采取以下措施:

//Here we are preparing to enter data into the database. Make sure to use all ? when entering data.
    $stmt = $conn->prepare("INSERT INTO users (Username, Password, Rank) VALUES (?, ?, ?)");

    //Basically all data will be entered into the database.
    $stmt->bind_param("sss", $_POST['Username'], $hashAndSalt, $Rank);

    $hashAndSalt = password_hash($_POST['Password'], PASSWORD_BCRYPT);

1 个答案:

答案 0 :(得分:0)

这就是我从您提供的代码中尝试解释的内容,我已经评论了您需要提供其他代码来显示UI或返回结果的区域。这是未经测试但应该有效。

<?php

include 'database_settings.php';

$mysqli = @new mysqli ( $mysql_hostname, $mysql_username,
    $mysql_password, $mysql_database );

if ( $mysqli->connect_errno > 0 ) {
    // return your error
    return;
}

if ( ( isset ( $_POST [ 'Username' ] ) ) && ( isset ( $_POST [ 'Password' ] ) ) ) {
    if ( ( strlen ( $_POST [ 'Username' ] ) > 0 ) && ( strlen ( $_POST [ 'Password' ] ) > 0 ) ) {
        $stmt = $mysqli->prepare ( 'SELECT * FROM users WHERE Username=?' );
        $stmt->bind_param ( 's', $_POST [ 'Username' ] );
        if ( !$stmt->execute () ) {
            // return your error
            return;
        }
        $result = $stmt->get_result ();
        if ( $result->num_rows > 0 ) {
            while ( $row = $result->fetch_assoc () ) {
                if ( password_verify ( $_POST [ 'Password' ], $row [ 'Password' ] ) ) {
                    // login was successful
                } else {
                   // show the login form, wrong username or password
                }
                break;
            }
            $result->close ();
        } else {
            $result->close ();
            // show the login form, wrong username or password
        }
    } else {
        // show the login form, user has pressed submit without filling out the form
    }
} else {
    // show the login form
}

$mysqli->close ();