使用password_hash()我可以散列密码并将其作为长字符串存储在数据库中。
但是,当我尝试使用password_verify()时,我无法确认输入的值与存储在数据库中的哈希值相匹配,以便我可以登录。
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM User WHERE uid='$uid'";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
$hash_pwd = $row['pwd'];
if (password_verify($pwd, $hash_pwd)) {
$sql = "SELECT * FROM User WHERE uid='$uid' AND pwd='$hash_pwd'";
$result = $conn->query($sql);
if (!$row = $result->fetch_assoc()) {
echo "Your username or password is incorrect!";
} else {
$_SESSION['id'] = $row['id'];
}
}