PHP password_verify returns false

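Time: 2016-08-01 00:44:55

Tags: php mysql

I have 2 projects. One is only for checking the username and password (whether they exist in the database), and in it the function password_verify() works fine. The other lets you sign up and then log in, but in this one the function password_verify always returns false, even though I have the same code in both and only changed the table name. I will post the project, so if anyone can help me, please. I did check that it connects to the database correctly and returns the correct email result, but when comparing the hashed password with the entered password it is always false.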

Index.php is the main page and contains only two PHP lines:

  1. include("signup.php");
  2. include("login.php");

Connection.php

    <?php
    $server="localhost";
    $db_username="myusername";
    $db_password="mypassword";
    $db="test_db";
    
    $conn=mysqli_connect($server,$db_username,$db_password,$db);
    
    
    if(!$conn)
        die ("Connection Failed: ".mysqli_connect_error());
    
    
    ?>
    

signup.php

    <?php
    session_start();
    if(isset($_POST['signup']))
    {
        $error=""; // start empty so the .= appends below never touch an undefined variable
         function validateFormData($formData)
        {
            $formData=trim(stripcslashes(htmlspecialchars($formData)));
            return $formData;
        }
    
        $email=validateFormData($_POST['email']);
        $password=validateFormData($_POST['password']);
    
        if(!$_POST['email'])
            $error.="Please enter an email<br>";
    
        else if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL))
        {
            $error.="Please enter a valid email<br>";
        }
    
        if(!$_POST['password'])
            $error.="Please enter a password<br>";
    
        else
        {
            if(strlen($_POST['password'])<8)
                $error.="Password must contain at least 8 characters<br>";
    
            if(!preg_match('`[A-Z]`',$_POST['password']))
                $error.="Password must contain at least one capital letter<br>";
        }
    
        if($error)
        {
            echo "<div class='alert alert-danger text-center lead'><a class='close red' data-dismiss='alert'>&times;</a>".$error."</div>";
        }
        else
        { 
            include('connection.php');
    
            $query="SELECT * FROM `diary` WHERE email='".mysqli_real_escape_string($conn,$email)."'";
    
            $result=mysqli_query($conn,$query);
            $results=mysqli_num_rows($result);
    
            if($results)
                echo "<div class='alert alert-danger text-center lead'>This email already exists, do you want to log in?<a class='close red' data-dismiss='alert'>&times;</a></div>";
    
            else
            {
             $selectUser=mysqli_real_escape_string($conn,$email);
             $hashedPass=password_hash($password,PASSWORD_DEFAULT);
             $query="INSERT INTO `diary`(`email`, `password`) VALUES ('$selectUser','$hashedPass')";   
             mysqli_query($conn,$query);
             echo "<div class='alert alert-success text-center lead'>You've been signed up!<a class='close green' data-dismiss='alert'>&times;</a></div>";
    
             $_SESSION['id']=mysqli_insert_id($conn);
    
    
            }
     }
    
    }
    
    
    ?>
    

login.php

    <?php
    
    if(isset($_POST['login']))
    {
    
    
        function validateFormData($formData)
        {
            $formData=trim(stripcslashes(htmlspecialchars($formData)));
            return $formData;
        }
    
    
        $formEmail=validateFormData($_POST['loginEmail']);
        $formPass=validateFormData($_POST['loginPassword']);
        $newPass=password_hash($formPass,PASSWORD_DEFAULT);
        echo $newPass;
    
        include("connection.php");
    
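        // escape the email before it goes into the query, as signup.php already does
        $query="Select * from diary where email='".mysqli_real_escape_string($conn,$formEmail)."' ";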
    
        $result=mysqli_query($conn,$query);
    
          if(mysqli_num_rows($result)>0)
        {
            while($row=mysqli_fetch_assoc($result))
            { 
                $LogEmail= $row['email'];
                $LogPass= $row['password'];
                echo "<br>".$LogPass;
    
            }
            if(password_verify($newPass,$LogPass))
            {
                echo "<br>Correct Password";    
            }
              else
                  echo "<br>Not Correct"; 
        }
    
    
    }
    
    ?>
    
The output of $newPass is: "$2y$10$dw0AtEExMc41p4nUB3W9kOOWTcNZmQev9jM4emNn7oQNODfu6Ld.q"

The output of $LogPass is: "$2y$10$biz6Z5nxsMZXNf7p3ebqw.pksPb1VhWEmoan776rMqOC7VcFRQbrK"

Index

    <?php
    
    include("signup.php");
    include("login.php");
    
    ?>
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta name="description" content="">
        <meta name="author" content="">
        <title>Secret Diary</title>
    
        <link rel="stylesheet" href="css/Normalize.css">
        <link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
        <link rel="stylesheet" href="css/style.css">
    
        <!--[if IE]>
            <script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
            <script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
        <![endif]-->
    
    </head>
    
    <body>
        <div class="container">
          <form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
              <legend><h1 class="text-center">Sign Up</h1></legend>
            <div class="form-group">
              <label class="control-label col-sm-2" for="email" >Email:</label>
              <div class="col-sm-10">
                 <input type="email" class="form-control" style="width:90%" id="email" placeholder="Enter Email"  name="email" value="<?php echo htmlspecialchars(isset($_POST['email']) ? $_POST['email'] : '', ENT_QUOTES);?>">
              </div>
            </div>
            <div class="form-group">
              <label class="control-label col-sm-2" for="pwd">Password:</label>
              <div class="col-sm-10">
                <input type="password" class="form-control" style="width:90%" id="pwd" placeholder="Password" name="password">
              </div>
            </div>
            <div class="form-group">
              <div class="col-sm-offset-2 col-sm-10">
                <button type="submit" class="btn btn-success " id="btnClick" name="signup">Sign Up</button>
              </div>
            </div>
          </form><!--SIGN UP-->
    
             <form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
              <legend><h1 class="text-center">Log In</h1></legend>
            <div class="form-group">
              <label class="control-label col-sm-2" for="LogInEmail" >Email:</label>
              <div class="col-sm-10">
                 <input type="email" class="form-control" style="width:90%" id="LogInEmail" placeholder="Enter Email"  name="loginEmail" value="<?php echo htmlspecialchars(isset($_POST['loginEmail']) ? $_POST['loginEmail'] : '', ENT_QUOTES);?>">
              </div>
            </div>
            <div class="form-group">
              <label class="control-label col-sm-2" for="LogInPassword">Password:</label>
              <div class="col-sm-10">
                <input type="password" class="form-control" style="width:90%" id="LogInPassword" placeholder="Password" name="loginPassword">
              </div>
            </div>
            <div class="form-group">
              <div class="col-sm-offset-2 col-sm-10">
                <button type="submit" class="btn btn-success " id="btnClick" name="login">Log In</button>
              </div>
            </div>
          </form><!--LOG IN-->
    </div>
        <script src="js/JQuery.min.js"></script>
        <script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
        <script src="js/script.js" type="text/javascript"></script>
    </body>
    </html>
    

2 Answers:

Answer 0 (score: 1)

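You are overwriting $password when you include the DB connection:

    include('connection.php');

which has:

    $password="mypassword";

Earlier you set:

    $password=validateFormData($_POST['password']);

So the password you hash is not the user's password but your database password.

I would prefix all database credential variables with db_. So your database password variable would be $db_password. This will let you have distinct variables throughout the project (I think).

Also, you should use $formPass, not $newpass. $newpass will be double-hashed at the verify function.

    $formEmail=validateFormData($_POST['loginEmail']);
    $formPass=validateFormData($_POST['loginPassword']);
    $newPass=password_hash($formPass,PASSWORD_DEFAULT);

So change:

    if(password_verify($newPass,$LogPass))

to:

    if(password_verify($formPass, $LogPass))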

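Answer 1 (score: 0)

password_verify expects the plaintext password as its first argument. To fix your code, remove the following line:

    $newPass=password_hash($formPass,PASSWORD_DEFAULT);

and change this line:

    if(password_verify($newPass,$LogPass))

to the following:

    if(password_verify($formPass,$LogPass))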
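
Both causes named in the answers above, reproduced in one script. This is an added example, not code from the question or from either answer; the sample password, the temporary stand-in for connection.php and the `show()` and `loadDbPassword()` helpers are assumptions made for illustration.

```php
<?php
// Added example; every value here is constructed for the demonstration.
function show($label, $bool) { printf("%-52s %s\n", $label, var_export($bool, true)); }

$plain  = 'CorrectHorse9';                          // what the user typed at signup
$stored = password_hash($plain, PASSWORD_DEFAULT);  // what belongs in the `password` column

// 1. password_hash() picks a fresh random salt on every call, so hashing the
//    login input again cannot reproduce the stored string. This is why the two
//    echoed hashes in the question differ even for the right password.
$rehash = password_hash($plain, PASSWORD_DEFAULT);
show('re-hash === stored hash', $rehash === $stored);

// 2. password_verify() takes the plaintext first and re-derives the hash using
//    the salt embedded in $stored. Handing it $rehash makes the 60-character
//    hash string itself the candidate password.
show('password_verify($rehash, $stored)', password_verify($rehash, $stored));
show('password_verify($plain,  $stored)', password_verify($plain, $stored));

// 3. An included file executes in the scope of the include statement.
//    Stand-in for a connection.php that calls its credential $password:
$conf = tempnam(sys_get_temp_dir(), 'conn');
file_put_contents($conf, '<?php $password = "mypassword";');

$password = $plain;            // form value assigned before the include, as in signup.php
include $conf;                 // overwrites $password without any warning
$wrongHash = password_hash($password, PASSWORD_DEFAULT);
show('user password verifies against saved hash', password_verify($plain, $wrongHash));
show('DB password verifies against saved hash', password_verify('mypassword', $wrongHash));

// Besides renaming the credentials to $db_*, the include can be confined to a
// function so the file's variables never reach the caller's scope.
function loadDbPassword($file)   // hypothetical helper
{
    include $file;               // $password is local to this function
    return $password;
}
$password   = $plain;
$dbPassword = loadDbPassword($conf);
show('form $password intact after scoped include', $password === $plain);
unlink($conf);
```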