PHP password_verify返回false

时间:2016-08-01 00:44:55

标签: php mysql

我有2个项目1只用于检查用户名和密码(如果它们存在于数据库中,其功能是password_verify()正常工作,另一个你可以注册然后登录,但在这1中的函数password_verify总是返回false,即使我有两个相同的代码,但改变了表名我会发布项目,所以如果有人可以帮我请。 我确实检查它是否正常连接到数据库并返回正确的电子邮件结果,但是当比较散列传递与输入的传递时,它总是错误的。

Index.php是主页面,只包含两个php行:

  1. 包括( “signup.php”);
  2. 包括( “login.php中”);

    3. Connection.php 

       <?php
$server="localhost";
$db_username="myusername";
$db_password="mypassword";
$db="test_db";

$conn=mysqli_connect($server,$db_username,$db_password,$db);


if(!$conn)
    die ("Connection Failed: ".mysqli_connect_error());


?>

    signup.php 

    <?php
session_start();
if(isset($_POST['signup']))
{   
     function validateFormData($formData)
    {
        $formData=trim(stripcslashes(htmlspecialchars($formData)));
        return $formData;
    }

    $email=validateFormData($_POST['email']);
    $password=validateFormData($_POST['password']);

    if(!$_POST['email'])
        $error.="Please enter an email<br>";

    else if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL))
    {
        $error.="Please enter a valid email<br>";
    }

    if(!$_POST['password'])
        $error.="Please enter a password<br>";

    else
    {
        if(strlen($_POST['password'])<8)
            $error.="Password must contain at least 8 characters<br>";

        if(!preg_match('`[A-Z]`',$_POST['password']))
            $error.="Password must contain at least one capital letter<br>";
    }

    if($error)
    {
        echo "<div class='alert alert-danger text-center lead'><a class='close red' data-dismiss='alert'>&times;</a>".$error."</div>";
    }
    else
    { 
        include('connection.php');

        $query="SELECT * FROM `diary` WHERE email='".mysqli_real_escape_string($conn,$email)."'";

        $result=mysqli_query($conn,$query);
        $results=mysqli_num_rows($result);

        if($results)
            echo "<div class='alert alert-danger text-center lead'>This email already exists, do you want to log in?<a class='close red' data-dismiss='alert'>&times;</a></div>";

        else
        {
         $selectUser=mysqli_real_escape_string($conn,$email);
         $hashedPass=password_hash($password,PASSWORD_DEFAULT);
         $query="INSERT INTO `diary`(`email`, `password`) VALUES ('$selectUser','$hashedPass')";   
         mysqli_query($conn,$query);
         echo "<div class='alert alert-success text-center lead'>You've been signed up!<a class='close green' data-dismiss='alert'>&times;</a></div>";

         $_SESSION['id']=mysqli_insert_id($conn);


        }
 }

}


?>

    的login.php 

    <?php

if(isset($_POST['login']))
{


    function validateFormData($formData)
    {
        $formData=trim(stripcslashes(htmlspecialchars($formData)));
        return $formData;
    }


    $formEmail=validateFormData($_POST['loginEmail']);
    $formPass=validateFormData($_POST['loginPassword']);
    $newPass=password_hash($formPass,PASSWORD_DEFAULT);
    echo $newPass;

    include("connection.php");

    $query="Select * from diary where email='$formEmail' ";

    $result=mysqli_query($conn,$query);

      if(mysqli_num_rows($result)>0)
    {
        while($row=mysqli_fetch_assoc($result))
        { 
            $LogEmail= $row['email'];
            $LogPass= $row['password'];
            echo "<br>".$LogPass;

        }
        if(password_verify($newPass,$LogPass))
        {
            echo "<br>Correct Password";    
        }
          else
              echo "<br>Not Correct"; 
    }


}

?>
       $ newPass的输出是:“$ 2y $ 10 $ dw0AtEExMc41p4nUB3W9kOOWTcNZmQev9jM4emNn7oQNODfu6Ld.q”

         

    $ LogPass的输出是:“$ 2y $ 10 $ biz6Z5nxsMZXNf7p3ebqw.pksPb1VhWEmoan776rMqOC7VcFRQbrK”

    索引 

    <?php

include("signup.php");
include("login.php");

?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">
    <title>Secret Diary</title>

    <link rel="stylesheet" href="css/Normalize.css">
    <link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
    <link rel="stylesheet" href="css/style.css">

    <!--[if IE]>
        <script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
        <script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
    <![endif]-->

</head>

<body>
    <div class="container">
      <form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
          <legend><h1 class="text-center">Sign Up</h1></legend>
        <div class="form-group">
          <label class="control-label col-sm-2" for="email" >Email:</label>
          <div class="col-sm-10">
             <input type="email" class="form-control" style="width:90%" id="email" placeholder="Enter Email"  name="email" value="<?php echo addslashes($_POST['email']);?>">   
          </div>
        </div>
        <div class="form-group">
          <label class="control-label col-sm-2" for="pwd">Password:</label>
          <div class="col-sm-10">
            <input type="password" class="form-control" style="width:90%" id="pwd" placeholder="Password" name="password">
          </div>
        </div>
        <div class="form-group">
          <div class="col-sm-offset-2 col-sm-10">
            <button type="submit" class="btn btn-success " id="btnClick" name="signup">Sign Up</button>
          </div>
        </div>
      </form><!--SIGN UP-->

         <form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
          <legend><h1 class="text-center">Log In</h1></legend>
        <div class="form-group">
          <label class="control-label col-sm-2" for="LogInEmail" >Email:</label>
          <div class="col-sm-10">
             <input type="email" class="form-control" style="width:90%" id="LogInEmail" placeholder="Enter Email"  name="loginEmail" value="<?php echo addslashes($_POST['loginEmail']);?>">   
          </div>
        </div>
        <div class="form-group">
          <label class="control-label col-sm-2" for="LogInPassword">Password:</label>
          <div class="col-sm-10">
            <input type="password" class="form-control" style="width:90%" id="LogInPassword" placeholder="Password" name="loginPassword">
          </div>
        </div>
        <div class="form-group">
          <div class="col-sm-offset-2 col-sm-10">
            <button type="submit" class="btn btn-success " id="btnClick" name="login">Log In</button>
          </div>
        </div>
      </form><!--LOG IN-->
</div>
    <script src="js/JQuery.min.js"></script>
    <script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
    <script src="js/script.js" type="text/javascript"></script>
</body>
</html>

2 个答案:

答案 0 :(得分:1)

在包含dbconnection时覆盖$password

include('connection.php');

有:

$password="mypassword";

以前你设置:

$password=validateFormData($_POST['password']);

因此您的哈希密码不是用户的密码,而是您的数据库密码。

我会在所有数据库凭据变量前加db_。因此,您的数据库密码变量将为$db_password。这将允许您在整个项目中拥有不同的变量(我认为)。

此外,您应该使用$formPass,而不是$newpass$newpass将在verify函数处进行双重哈希。

$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);

所以改变:

if(password_verify($newPass,$LogPass))

为:

if(password_verify($formPass, $LogPass))

答案 1 :(得分:0)

password_verify期望明文密码作为其第一个参数。要修复您的代码,请删除以下行:

$newPass=password_hash($formPass,PASSWORD_DEFAULT);

并更改此行:

if(password_verify($newPass,$LogPass))

以下内容:

if(password_verify($formPass,$LogPass))
相关问题
最新问题