password_verify()始终返回false

时间:2016-11-16 16:44:03

标签: php mysql login

我是新手,我正在尝试使用PHP和Mysql创建登录系统。完成注册表并添加少量用户后,我试图创建一个登录表单。但它始终返回false,说我的Your username or password is incorrect!。以下是我的代码。如果有人可以帮助我,那将是很棒的。如果我的疑问太基础,请提前抱歉:/     

<?php
    session_start();
    include '.\includes\functions\db.php';
?>

<?php
    $username = strtolower(mysqli_real_escape_string($db, $_POST['username']));
    $password = strtolower(mysqli_real_escape_string($db, $_POST['password']));

    $sql        = "SELECT * FROM users WHERE username = '$username' ";
    $result     = mysqli_query($db, $sql);
    $row        = mysqli_fetch_assoc($result);
    $hash_pwd   = $row['password'];
    echo $hash_pwd;
    echo $password;
    $hash       = password_verify($password, $hash_pwd);

    if ($hash ==0) {
        header("Location: ./index.php?error=check");
        exit();
    }else {
        $sql = "SELECT * FROM user WHERE username = '$username' AND password = '$hash_pwd'";
        $result = mysqli_query($db, $sql);
        if (mysqli_num_rows($result) == 0) {
            echo "Your username or password is incorrect!";
        }else {
            $_SESSION['id'] = $row['id'];
            $_SESSION['username'] = $row['username'];
        }
        //header("Location: ./index.php");
    }
?>

我的注册页面如下

<?php
//This Page is for registration of users
?>

<?php
// this php tag is for all includes
include '.\includes\functions\db.php';

?>

<?php
//print isset($_POST["submit"]);
//Getting all details inserted in form
if(isset($_POST["register"])){
    $username   = $_POST['username'];
    $firstname  = $_POST['firstname'];
    $lastname   = $_POST['lastname'];
    $email      = $_POST['email'];
    $password   = $_POST['password'];
    $date       = date('Y-m-d H:i:s');

    //Encrypting and Securing recieved data
    $username               = strtolower(mysqli_real_escape_string($db, $username));
    $firstname              = strtolower(mysqli_real_escape_string($db, $firstname));
    $lastname               = strtolower(mysqli_real_escape_string($db, $lastname));
    $email                  = strtolower(mysqli_real_escape_string($db, $email));
    $password               = strtolower(mysqli_real_escape_string($db, $password));
    $encryptedpassword      = password_hash($password, PASSWORD_DEFAULT);

    //To check duplication of email ids
    $sql        = "SELECT email FROM users WHERE email='$email'";
    $result     = mysqli_query($db, $sql);
    $row        = mysqli_num_rows($result);//$row will return count of rows if any duplicate email ids are found

    //To check duplication of usernames
    $sql2       = "SELECT username FROM users WHERE username='$username'";
    $result2    = mysqli_query($db, $sql2);
    $row2        = mysqli_num_rows($result2);//$row2 will return count of rows if any duplicate usernames are found

    //conditions to check what all duplicates are found
    if($row > 0 && $row2 >0){
        echo "Sorry...This email id and username is already taken!!!";
    } elseif ($row > 0 ) {
        echo "Sorry...This email id is already taken!";
    } elseif ($row2 > 0) {
        echo "Sorry...This Username is already taken!";
    }else {
        $query  = mysqli_query($db, "INSERT INTO users (username, firstname, lastname, password, email, regdate) VALUES
        ('$username', '$firstname', '$lastname', '$encryptedpassword', '$email', '$date')");
        if($query){
            echo "Thank You! you are now registered.";
        }
    }
}

?>

1 个答案:

答案 0 :(得分:0)

我的代码中的错误是由于我的where子句中的password ='$ hash_pwd'条件所致。当我使用给定的用户名重试行,然后使用php验证密码时,它按预期工作。我猜想使用password_hash()在php中散列的密码无法像加密一样被检索和验证。无论如何,谢谢您的所有答复