password_verify function not working

Time: 2016-02-27 04:26:17

Tags: php sql pdo php-password-hash

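Hey, I'm having a problem with the password_verify function. Registration is working, but for some strange reason, when I try to use it for login, it just says incorrect.

Here is my code (please don't judge, I'm still new to everything):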

$username = $_POST['username'];
$password = $_POST['password'];
$SQLSelect = $odb -> prepare("SELECT * FROM `users` WHERE `username` = :username");
$SQLSelect -> execute(array(':username' => $_POST['username']));
while ($show = $SQLSelect -> fetch(PDO::FETCH_ASSOC))
{
    $passwordHash = $show['password'];
}
$date = strtotime('-1 hour', time());
$attempts=$odb->query("SELECT COUNT(*) FROM `loginlogs` WHERE `ip` = '$ip' AND `username` LIKE '%failed' AND `date` BETWEEN '$date' AND UNIX_TIMESTAMP()")->fetchColumn(0);

//Check fields
if (empty($username) || empty($password) || !ctype_alnum($username) || strlen($username) < 4 || strlen($username) > 15)
{
    die(error('Please fill in all fields.'));
}

//Check login details
echo $passwordHash;
$SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
$SQLCheckLogin -> execute(array(':username' => $username, ':password' => password_verify($password, $passwordHash)));
$countLogin = $SQLCheckLogin -> fetchColumn(0);
if (!($countLogin == 1))
{
    $SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')");
    $SQL -> execute(array(':username' => $username." - failed",':ip' => $ip));
    die(error('Username or password are invalid.'));

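Does anyone know why this isn't working? I double-checked everything and it should be fine. Also, the echo $passwordHash is just me checking whether I'm able to get the password, which works fine. :/

1 Answer:

Answer 0: (score: 1)

password_verify($password, $passwordHash) returns a boolean. What you should do is use it to verify that the password matches the hash. Remove all of this: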

$SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
$SQLCheckLogin -> execute(array(':username' => $username, ':password' => password_verify($password, $passwordHash)));
$countLogin = $SQLCheckLogin -> fetchColumn(0);
if (!($countLogin == 1))

Just do this:

if (!password_verify($password, $passwordHash)) {
    // ...
    die(error('Username or password are invalid.'));
}
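
The login flow from the answer above, written out end to end as an added example (not code from the question or the answer): the row is fetched by username only, password_verify() runs in PHP against the stored hash, a missing user is handled instead of leaving $passwordHash undefined, and the failed-attempt count binds the IP rather than interpolating it. Assumptions: the pdo_sqlite extension is available, and the in-memory tables, the sample account, the IP address and the helper names checkLogin and recentFailures are all constructed for illustration.

```php
<?php
// Added example: constructed in-memory schema and sample data, not the asker's database.
$odb = new PDO('sqlite::memory:');
$odb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$odb->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$odb->exec('CREATE TABLE loginlogs (username TEXT, ip TEXT, date INTEGER)');

// Registration side: only the password_hash() output is stored.
$insert = $odb->prepare('INSERT INTO users VALUES (:username, :password)');
$insert->execute([
    ':username' => 'alice1',
    ':password' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Hypothetical helper: true only when the user exists and the password matches the hash.
function checkLogin(PDO $odb, string $username, string $password, string $ip): bool
{
    // Select by username only; the hash is never compared inside SQL.
    $select = $odb->prepare('SELECT password FROM users WHERE username = :username');
    $select->execute([':username' => $username]);
    $passwordHash = $select->fetchColumn(); // false when there is no such user

    $ok = is_string($passwordHash) && password_verify($password, $passwordHash);
    if (!$ok) {
        // Same "<username> - failed" log convention as the question, fully parameterized.
        $log = $odb->prepare('INSERT INTO loginlogs VALUES (:username, :ip, :date)');
        $log->execute([
            ':username' => $username . ' - failed',
            ':ip'       => $ip,
            ':date'     => time(),
        ]);
    }
    return $ok;
}

// Hypothetical helper: failed attempts from one IP in the last hour, with bound values.
function recentFailures(PDO $odb, string $ip): int
{
    $q = $odb->prepare("SELECT COUNT(*) FROM loginlogs
                        WHERE ip = :ip AND username LIKE '%failed' AND date >= :since");
    $q->execute([':ip' => $ip, ':since' => strtotime('-1 hour')]);
    return (int) $q->fetchColumn();
}

var_dump(checkLogin($odb, 'alice1', 'correct horse', '203.0.113.5')); // valid credentials
var_dump(checkLogin($odb, 'alice1', 'wrong password', '203.0.113.5')); // wrong password
var_dump(checkLogin($odb, 'nobody', 'anything', '203.0.113.5'));       // unknown user
var_dump(recentFailures($odb, '203.0.113.5'));
```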