I have been upgrading my script to use bcrypt for authentication, and I can't get it to work. Here is some of my sample code.
<?php
require '../functions/config.php.inc';
if (isset($_POST['login'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $typedpass = mysql_real_escape_string($_POST['password']);
    $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
    $data = mysql_fetch_array($info);
    $storedpass = $data['password'];
    //this code block is for stack overflow (it saves the entered password into a bcrypt hash then fetches the database row)
    $darealhash = password_hash($typedpass, PASSWORD_DEFAULT)."\n";
    $result5 = mysql_query("UPDATE users SET password='$darealhash' WHERE username='$username'") or die(mysql_error());
    $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
    $data = mysql_fetch_array($info);
    $storedpass = $data['password'];
    print_r($data);echo "<hr>";
    echo "darealhash is $darealhash // storedpass is $storedpass // username is $username<br>";
    if(password_verify("$typedpass", $storedpass)){
        echo "correct password";
    } else {
        echo "WRONG password!";
    }
}
?>
<form method="POST">
<table border="0">
<tr>
<td>
Username: <br><input type="text" size="15" class="bigtext" maxlength="25" name="username">
</td>
</tr><tr>
<td>
Password: <br><input type="password" size="15" class="bigtext" maxlength="25" name="password">
</td>
</tr>
<tr><td align="right"> <input type="submit" name="login" class="bigbutton" value="Login"></td></tr>
</table></form>
</body>
</html>
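What the above code does is save the password used in the login form into the database as a bcrypt hash, then compare the bcrypt hash from the database with the plaintext input of the password, and if it is correct, echo "correct password". But it still echoes "WRONG password", and I have no idea why.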
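
An added example, not part of the original post: a check for two things that stop a stored bcrypt hash from matching in password_verify(), namely extra characters such as the "\n" appended on the password_hash() line above, and a column too short for the 60-character hash. The function name diagnose_stored_hash, the sample password and the VARCHAR(50) column are assumptions made for illustration; the page does not show the table schema.

```php
<?php
// Added example, not the poster's code. Password and labels are constructed samples.

/** Explain why a stored value cannot match in password_verify(); [] means it looks intact. */
function diagnose_stored_hash(string $stored): array
{
    $problems = [];
    if ($stored !== trim($stored)) {
        $problems[] = 'whitespace around the hash';
    }
    // password_get_info() only recognises bcrypt when the string is exactly 60 characters.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        $problems[] = sprintf('not a complete hash (length %d)', strlen($stored));
    }
    return $problems;
}

$password = 'correct horse battery staple';            // constructed sample
$hash     = password_hash($password, PASSWORD_BCRYPT); // 60 characters

$cases = [
    'intact hash'        => $hash,
    'hash . "\n"'        => $hash . "\n",         // the value the page's UPDATE is given
    'VARCHAR(50) column' => substr($hash, 0, 50), // assumed schema, not shown on the page
];

foreach ($cases as $label => $stored) {
    printf(
        "%-20s verify=%-5s %s\n",
        $label,
        var_export(password_verify($password, $stored), true),
        implode('; ', diagnose_stored_hash($stored)) ?: 'ok'
    );
}

// Storing the hash exactly as password_hash() returns it, in a column wide enough
// for it, keeps password_verify() working. Trimming on read recovers the newline
// case only; a truncated hash cannot be repaired and the password must be re-hashed.
var_dump(password_verify($password, rtrim($hash . "\n")));
```

The PHP manual recommends a column that can grow beyond 60 characters (255 is its suggested width), because PASSWORD_DEFAULT may produce longer hashes in future versions.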