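I know this question has been asked and answered many times, but none of those solutions work for me. I am trying to create a simple login system using password_hash() and password_verify(). The password column in my database is varchar(255), just to make sure it doesn't cut off the end of the hash, and I have made sure that the hash generated by password_hash() is exactly the same as the data in the database. Can anyone see the problem?
This is my register.php page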
<html>
<head>
    <meta charset="utf-8">
</head>
<body>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
        <input type="text" name="username" placeholder="username">
        <input type="password" name="password" placeholder="password">
        <input type="submit" name="register" value="register">
    </form>
<?PHP
if(isset($_POST['register'])){
    require_once('connect.php');
    $conn = connUsers('write');
    $stmt = $conn->prepare("INSERT INTO users(user, pass)
        VALUES(:user, :pass)");
    $stmt->bindParam(':user', $user);
    $stmt->bindParam(':pass', $hash);
    $pass = $_POST['password'];
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $user = $_POST['username'];
    $stmt->execute();
    echo '<script>alert("User successfully created");</script>';
}
?>
</body>
This is my login.php page
<html>
<head>
    <meta charset="utf-8">
</head>
<body>
    <form name="login-form" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
        <input type="text" name="username" placeholder="Username">
        <input type="password" name="password" placeholder="Password">
        <input type="submit" name="login" value="login">
    </form>
</body>
<?PHP
require_once('connect.php');
$conn = connUsers('read');
if(isset($_POST['login'])){
    $user = $_POST['username'];
    $pass = $_POST['password'];
    $checkUser = null;
    // Bind the username as a parameter instead of interpolating it into the SQL string
    $stmt = $conn->prepare("SELECT id, user, pass FROM users WHERE user = :user");
    $stmt->execute([':user' => $user]);
    foreach($stmt as $check){
        $checkUser = $check['user'];
        $hash = $check['pass'];
    }
    if(is_null($checkUser)){
        echo '<script>alert("User does not exist");</script>';
    }else{
        if(password_verify($pass, $hash)){
            echo '<script>alert("you have successfully logged in");</script>';
        }else{
            echo '<script>alert("Incorrect password");</script>';
        }
    }
}
?>
Can anyone see the problem?
Answer 0: (score: 0)
I couldn't find an error in your login system, so I "made" this for you
<?php
// Start the session before any output so that $_SESSION is persisted
session_start();
$conn = mysqli_connect("localhost", "root", "", "blog");
// Check connection
if($conn === false){
    die("ERROR" . mysqli_connect_error());
}
if(isset($_POST["login"]))
{
    if(empty($_POST["username"]) || empty($_POST["password"]))
    {
        echo '<script>alert("Both Fields are required")</script>';
    }
    else
    {
        $username = $_POST["username"];
        // Pass the password to password_verify() unmodified; escaping it would change the value being checked
        $password = $_POST["password"];
        // Bind the username as a parameter instead of building the SQL string from it
        $stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE username = ?");
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if(mysqli_num_rows($result) > 0)
        {
            while($row = mysqli_fetch_array($result))
            {
                if(password_verify($password, $row["password"]))
                {
                    //return true;
                    $_SESSION["username"] = $username;
                    echo 'Logged In';
                    echo '<p><a href="logout.php">Logout</a></p>';
                }
                else
                {
                    //return false;
                    echo '<script>alert("Wrong User Details")</script>';
                }
            }
        }
        else
        {
            echo '<script>alert("Wrong User Details")</script>';
        }
    }
}
?>
<html>
<head>
</head>
<body bgcolor = "#FFFFFF">
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
        <input type="text" name="username" placeholder="username">
        <input type="password" name="password" placeholder="password">
        <input type="submit" name="login" value="login">
    </form>
</body>
</html>
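Added example, not part of the original question or answer: register.php stores the submitted value in $pass but hashes $password, which is never assigned, so the stored hash is that of an empty string and the real password can never verify. The function names hashAsRegisterPhp() and hashCorrected() and the sample credentials are constructed for illustration; the script also collects the PHP diagnostics that point at the undefined variable when error reporting is enabled.

```php
<?php
// Added example; the credentials below are constructed sample values.
error_reporting(E_ALL);

// Collect warnings and deprecations instead of printing them inline.
$diagnostics = [];
set_error_handler(function (int $level, string $message) use (&$diagnostics): bool {
    $diagnostics[] = $message;
    return true;
});

// Same mistake as register.php: the form value lands in $pass,
// but the never-assigned $password is what gets hashed.
function hashAsRegisterPhp(array $post): string
{
    $pass = $post['password'];
    // $password is undefined here, so PHP passes null, which is hashed as "".
    return password_hash($password, PASSWORD_DEFAULT);
}

// Corrected: hash the variable that actually holds the submitted value.
function hashCorrected(array $post): string
{
    $pass = $post['password'];
    return password_hash($pass, PASSWORD_DEFAULT);
}

// Helper (hypothetical name) to print one verification result per line.
function report(string $label, bool $ok): void
{
    printf("%-38s %s\n", $label, $ok ? 'verified' : 'rejected');
}

$post = ['username' => 'alice', 'password' => 'S3cret!example']; // constructed

$buggyHash = hashAsRegisterPhp($post);
$fixedHash = hashCorrected($post);

report('real password vs. buggy hash:', password_verify($post['password'], $buggyHash));
report('empty string vs. buggy hash:', password_verify('', $buggyHash));
report('real password vs. corrected hash:', password_verify($post['password'], $fixedHash));

// Diagnostics PHP raised while running the buggy function.
foreach ($diagnostics as $message) {
    echo "diagnostic: $message\n";
}
```

Rows already written by the buggy registration page hold a hash of the empty string, so those accounts need their passwords reset after the fix is deployed.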