我遇到让password_verify正常工作的问题,它总是返回false(密码不正确)。当我回显密码时,它会显示正确的密码。有任何想法吗? 这是我的代码:
<?php
$servername = "localhost";
$database_name = "xxx";
$database_username = "xxx";
$database_password = "xxx";
$username = $_POST['username'];
$password = $_POST['password'];
$conn = mysqli_connect ($servername, $database_username, $database_password, $database_name);
$error_message = "";
$allowed_chars = "/^[A-Za-z .'-]+$/";
$email_chars = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
function error ($error) {
echo $error;
die();
}
if ($conn->connect_error) {
die ("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT username, password FROM users";
$query = mysqli_query ($conn, $sql);
while ($row = mysqli_fetch_assoc ($query)) {
echo 'Username: ' . $row["username"] . '<br>' . 'Password: ' . $password . '<br>' . 'Hashed Password: ' . $row["password"] . '<br><br>';
}
$hashed_password = "SELECT password FROM users WHERE username = '$username'";
$query = mysqli_query ($conn, $hashed_password);
if (!isset ($query)) {
echo '$query doesn\'t appear to be set' . '<br>';
} else {
echo '$query is set' . '<br>';
}
$password_input = password_verify ($password, $hashed_password);
$result = mysqli_fetch_assoc ($query);
$login_cred = "SELECT * FROM users WHERE username='$username'";
if ($password_input) {
echo 'The password you entered is correct!';
} else {
echo 'The password you entered is incorrect!';
}
?>
Database structure for password
干杯,非常感谢任何帮助。
答案 0 :(得分:1)
$hashed_password是一个SQL查询,而不是数据库的行输出。
这是固定的代码段
<?php
$hashed_password = "SELECT password FROM users WHERE username = '$username'";
$query = mysqli_query ($conn, $hashed_password);
$row = mysqli_fetch_assoc ($query);
$hashed_password = $row['password'];
?>
这是实施的代码段
<?php
$servername = "localhost";
$database_name = "xxx";
$database_username = "xxx";
$database_password = "xxx";
$username = $_POST['username'];
$password = $_POST['password'];
$conn = mysqli_connect ($servername, $database_username, $database_password, $database_name);
$error_message = "";
$allowed_chars = "/^[A-Za-z .'-]+$/";
$email_chars = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
function error ($error) {
echo $error;
die();
}
if ($conn->connect_error) {
die ("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT username, password FROM users";
$query = mysqli_query ($conn, $sql);
while ($row = mysqli_fetch_assoc ($query)) {
echo 'Username: ' . $row["username"] . '<br>' . 'Password: ' . $password . '<br>' . 'Hashed Password: ' . $row["password"] . '<br><br>';
}
$hashed_password = "SELECT password FROM users WHERE username = '$username'";
$query = mysqli_query ($conn, $hashed_password);
$row = mysqli_fetch_assoc ($query);
$hashed_password = $row['password'];
$password_input = password_verify ($password, $hashed_password);
$result = mysqli_fetch_assoc ($query);
$login_cred = "SELECT * FROM users WHERE username='$username'";
if ($password_input) {
echo 'The password you entered is correct!';
} else {
echo 'The password you entered is incorrect!';
}
?>