PHP - Password_Verify不起作用

时间:2015-11-30 21:42:29

标签: php passwords

这是PHP即时使用:

//Create a new function named user_login;
function user_login($username = false, $password = false) {

    //Fetch for the username and password applied;
    $st = fetch("SELECT id,username,password,email,image FROM users WHERE username = :username",array(":username"=>$username));

    //If a row was found continue
    if($st != 0) {

        $storedhash = $st[0]['password'];

        if (password_verify($password, $storedhash)) {

            //Set a new username session and set it the username;
            $_SESSION['username'] = $username;
            $_SESSION['email'] = $st[0]['email'];
            $_SESSION['image'] = $st[0]['image'];
            $_SESSION['id'] = $st[0]['id'];

            if($username == 'admin') {
                $_SESSION['role'] = 'admin';
            } else {
                $_SESSION['role'] = 'user';
            }

        }

    }

    //If no errors happened Make the $valid true;
    return true;

}

由于某些原因,人们使用以下方式注册:

//Create a new function named user_login;
function register($username = false, $email = false, $password = false) {

    global $registeroutput;

    //Hash the Password;
    $cost = ['cost' => 5,];
    $hash = password_hash("Kanker9678", PASSWORD_BCRYPT, $cost);

    //Get the Gravatar image;
    $gravatar = 'https://www.gravatar.com/avatar/'.md5($email).'?d=identicon&s=50';

    //Fetch for the username and email to see if they are already used;
    $fetchusername = fetch("SELECT username FROM users WHERE username = :username",array(":username"=>$username));
    $fetchemail = fetch("SELECT email FROM users WHERE email = :email",array(":email"=>$email));
    if(empty($fetchusername)) {

        if(empty($fetchemail)) {

            //Register the user;
            query("INSERT INTO users (username,email,password,image,role,banned,date_created) VALUES (:username,:email,:password,:gravatar,'user','0',:date)",array(":username"=>$username,":password"=>$hash,":email"=>$email,":gravatar"=>$gravatar,":date"=>time()));
            $registeroutput = 'Success';

        } else { $registeroutput = 'Email Error'; }

    } else { $registeroutput = 'Username Error'; }

    //If no errors happened Make the $valid true;
    return true;

}

哈希在user_login()函数中不起作用但是真的很奇怪的是如果我使用基本的test.php文件重新制作哈希只是简单地生成哈希并手动将其放入数据库中替换自动生成的哈希值注册了SOMETIMES的作品。我不知道为什么。

我已经看到其他问题的答案,因为“不是”,但我的代码如何制作使得答案无关紧要。

有什么想法吗?

0 个答案:

没有答案
相关问题
最新问题