php password_verify仍无效

时间:2016-06-20 10:01:03

标签: php sql

我已经阅读过很多关于这个password_hash的文章,如果不是我读到的所有内容都尽可能多地应用了 无论我多么努力,password_verify仍然拒绝验证值。 PHP版本5.61.6和SQL版本5.7.9 任何形式的帮助都很受欢迎,我已经因尝试许多字符串组合而疲惫不堪

<!DOCTYPE html>
<html>
    <head>
        <title>Administrator</title>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
    </head>
    <body>
         <?PHP
            //.......all variables are collected from html form....
            $conn = mysqli_connect("localhost", "uname", "pword", "dbname");
            mysqli_set_charset($conn, 'utf8');
            //.......`SN` column has the unique attribute
            $sql = "SELECT * FROM Sign_Up WHERE `SN`=$sn";
            $result = mysqli_query($conn, $sql);
            if (mysqli_num_rows($result) > 0) {
                while ($row = mysqli_fetch_assoc($result)) {
                    $date = date('Y-m-j g:i:s');
                    //.......idgen is a function previously defined
                    $id = idgen();
                    //.......prints $id before hashing....
                    echo $id."<BR>";
                    $id = password_hash('$id', PASSWORD_DEFAULT);
                    //......string length before storing
                   echo strlen($id)."<BR>";
                   //......table columns
                   $f = $row["FirstName"];
                   $l = $row["LastName"];
                   $bn = $row["BusinessName"];
                   $ba = $row["BusinessAddress"];

                   $sq = "INSERT INTO Distributors (`FirstName`, `LastName`, `BusinessName`, `BusinessAddress`) VALUES ('$f', '$l', '$bn', '$ba')";
                   $res = mysqli_query($conn, $sq);
                 }
            }
        ?>

    </body>
 </html>

验证哈希的代码是

<html>
    <head>
        <meta charset="UTF-8">
    </head>
    <body>

        <?PHP

            $conn = mysqli_connect($servername, $username, $password, $dbname);
            mysqli_set_charset($conn, 'utf8');
            //.....phone number has a unique attribute
            $sql = "SELECT `ID` FROM Distributors WHERE `PhoneNumber`='number'";
            $result = mysqli_query($conn, $sql) or die(mysqli_error($conn));
            $result1= mysqli_num_rows($result);
            $look = mysqli_fetch_array($result)['ID'];
            print $look."<BR>";
            $look = trim($look);
            print $look."<BR>";
            print strlen($look)."<BR>";
            //......all print statements yields expected results and hashed password is stored
            //......in VARCHAR (255)...I also tried CHAR 
            $ver = password_verify('user input data', '$look');
                if ($ver) {

                    print "ok";
                }
                else {
                    print "no";
                }


     ?>

    </body>
</html>

2 个答案:

答案 0 :(得分:0)

使用没有任何引号的php变量或双引号内的""

$id = password_hash($id, PASSWORD_DEFAULT);         // no quotes around $id

$ver = password_verify('user input data', "$look"); // double quotes around $look

不解析单引号字符串,即在解析双引号字符串时将其视为文字字符串,因此变量名称将使用其值进行扩展。

答案 1 :(得分:0)

使用散列时:

$id = "school";
Password_hash($id);

验证使用时:

Password_verify($id, $data_from_database);
相关问题
最新问题